Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 23rd, 2008

Microsoft Releases Emergency Patch For Critical Windows Vulnerability

Microsoft has released an out-of-band patch to fix an extremely critical vulnerability that exposes Windows users to remote code execution attacks.

The emergency update comes just one week after the regularly scheduled Patch Tuesday and follows the discovery of a targeted zero-day attack, Microsoft said in an advisory. The vulnerability is rated critical on Windows 2000, Windows XP and Windows Server 2003. On Windows Vista and Windows Server 2008, the flaw carries an “important” rating. For the exploit to work on Windows Vista and Windows 2008, only an authenticated user with access to the target network can carry out the attack.

According to Microsoft’s critical MS08-067 bulletin, a remote code execution vulnerability exists in the Server service on Windows systems. The vulnerability is due to the service not properly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft said it was aware of “limited, targeted attacks attempting to exploit the vulnerability” but the company did not provide any clues about the origin of the attacks or the target that was hit. There are no signs yet of public proof-of-concept code at this point.

According to the bulletin, there is a chance that the vulnerability could lead to a “wormable exploit.” The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.

The vulnerable Windows Server service provides RPC support, file and print support, and named pipe sharing over the network. It is also used to allow the sharing of your local resources (such as disks and printers) so that other users on the network can access them.

Firewall best practices and standard default firewall configurations can help protect users from attacks that originate outside. According to Microsoft advisory, blocking incoming TCP connection on ports 139 and 445 should protect users from exploits. More details and workarounds can be found here.

Share this item with others:

More on CyberInsecure:
  • Microsoft Rushes Out Emergency Fix For Critical LNK Bug
  • Record Number Of Vulnerabilities Fixed In Microsoft’s Patch Tuesday
  • Critical Internet Explorer Security Vulnerability Fixed By Microsoft
  • Microsoft, Adobe, Apple Fix Critical Security Vulnerabilities
  • Microsoft Releases February Security Bulletin For 8 Security Vulnerabilities

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft Releases Emergency Patch For Critical Windows Vulnerability

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.