Emergency patch for Windows systems stems from successful attacks

In the first emergency patch since April, Microsoft today released MS08-067. It fixes a remote code

execution vulnerability in the Windows Server Service. The patch fixes a hole that allows an attacker to execute what Microsoft calls a "wormable exploit" on Windows Server 2000, Windows XP and Windows 2003, but other Windows systems are vulnerable, too.

The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. Windows Vista and Windows Server 2008 require authentication and are less likely to be affected but are not off the hook. The attacker must be able to reach the RPC interface to exploit the vulnerability and Microsoft says the default settings of Windows XP SP2, Windows Vista and Windows Server 2008 use a firewall that blocks access to that interface. However, two conditions expose the RPC endpoint even on these firewall-protected operating systems. First, obviously, is if the firewall is disabled. But the other condition is if file/printer sharing is enabled and that's even if the firewall is enabled.

A whole lot of people use their PCs and servers to share files and printers. For that reason Microsoft has issued a lot of information about the patch, including a detailed chart of the systems at highest risk, on the company's Security Vulnerability Research & Defense blog. The blog says that Microsoft has already observed this attack in the wild.

This update replaces MS06-040 for XP, 2003 and 2000 and now is recommended for all other Windows operating systems including installations of Windows Server 2008 that used the server core installation.

Also check out the dangerous new vulnerability Symantec found today, particularly for XP systems, in which attackers use Microsoft help system to gain immediate control of a system, without requiring a reboot.

Visit the Microsoft Subnet home page for more news, blogs, podcasts.

More blog post from the Microsoft Subnet posts:

Also see:

12 tips for safe social networking10 questions for Microsoft's Windows Server 2008 guy, Jason Hermitage17 job-hunting resources for Windows prosUnder the hood of Hyper-V (master list of links). all Microsoft Subnet bloggers.bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

Subscribe to

Sign up for the

 
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey: The results are in