View Full Version : Critical Microsoft Update

10-24-2008, 03:40 AM
Microsoft posts emergency defense for new attack

Rare out-of-cycle patch emphasizes the risk

With little warning, Microsoft released yesterday an unscheduled or "out-of-cycle" patch for a highly critical vulnerability that affects all versions of Windows. Security bulletin MS08-067 (patch 958644) was posted to warn of a remote-code attack that could spread wildly across the Internet.

Microsoft says it found evidence two weeks ago of an RPC (remote procedure call) attack that can potentially infect Windows machines across the Net with no user action required.

Windows Server 2003, 2000, and XP (even with Service Pack 2 or 3 installed) are particularly vulnerable. Vista and Server 2008 gain some protection via User Account Control, data-execution protection, and other safeguards, as explained in an article (http://windowssecrets.com/links/ohyc5it6svqyd/358118h/?url=www.theregister.co.uk%2F2008%2F10%2F23%2Femer gency_windows_update%2F) by Dan Goodin in the Register.

While firewalls are a first line of defense against this attack, don't think you're secure just because you have a firewall. Malware and viruses use many different techniques to wiggle their way into our systems.

For example, my office's networks are protected by firewalls on the outside, but inside the network, PCs have file and printer sharing enabled. If a worm got loose inside the office network (and the patch hadn't been installed), the attack would spread like wildfire.

Many antivirus vendors have already issued definition updates that protect against this attack. Your antivirus program, however, may not protect you completely even if your AV definitions are up-to-date. Early reports indicate that there are already nine different strains of viruses trying to take advantage of this vulnerability. We can expect more to come, so even the best AV application may not be able to update fast enough.

I've tested this patch and have had no problems applying it. I strongly urge you to download and install this patch manually. Restart your PC before installing any patch to verify that your machine is bootable. Then be sure to reboot again after installing the patch, so the patched binaries completely replace the vulnerable components.

Microsoft has posted several versions of the patch that apply to different operating systems:

Windows 2000 with Service Pack 4 patch download (http://windowssecrets.com/links/ohyc5it6svqyd/8f47aeh/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3DE22EB3AE-1295-4FE2-9775-6F43C5C2AED3)
Windows XP with Service Pack 2 or 3 patch download (http://windowssecrets.com/links/ohyc5it6svqyd/0c05f6h/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3D0D5F9B6E-9265-44B9-A376-2067B73D6A03)
Windows XP 64-bit Edition patch download (http://windowssecrets.com/links/ohyc5it6svqyd/de71e9h/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3D4C16A372-7BF8-4571-B982-DAC6B2992B25)
Windows Server 2003 with Service Pack 1 or 2 patch download (http://windowssecrets.com/links/ohyc5it6svqyd/4900d6h/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3DF26D395D-2459-4E40-8C92-3DE1C52C390D)
Windows Server 2003 64-bit Edition patch download (http://windowssecrets.com/links/ohyc5it6svqyd/386bfdh/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3DC04D2AFB-F9D0-4E42-9E1F-4B944A2DE400)
Windows Vista with or without Service Pack 1 patch download (http://windowssecrets.com/links/ohyc5it6svqyd/6e56b8h/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3D18FDFF67-C723-42BD-AC5C-CAC7D8713B21)
Windows Vista 64-bit Edition with or without Service Pack 1 patch download (http://windowssecrets.com/links/ohyc5it6svqyd/8e87d5h/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3DA976999D-264F-4E6A-9BD6-3AD9D214A4BD)
Windows Server 2008 32-bit Edition patch download (http://windowssecrets.com/links/ohyc5it6svqyd/7699c8h/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3D25C17B07-1EFE-43D7-9B01-3DFDF1CE0BD7)
Windows Server 2008 64-bit Edition patch download (http://windowssecrets.com/links/ohyc5it6svqyd/01dc3bh/?url=www.microsoft.com%2Fdownloads%2Fdetails.aspx% 3Ffamilyid%3D7B12018E-0CC1-4136-A68C-BE4E1633C8DF)

More information: Please read security bulletin MS08-067 (http://windowssecrets.com/links/ohyc5it6svqyd/512757h/?url=www.microsoft.com%2Ftechnet%2Fsecurity%2FBull etin%2FMS08-067.mspx). For an excellent technical explanation of the vulnerability and possible mitigations, read TechNet's Oct. 23 (http://windowssecrets.com/links/ohyc5it6svqyd/90d1b9h/?url=blogs.technet.com%2Fswi%2Farchive%2F2008%2F10 %2F23%2FMore-detail-about-MS08-067.aspx) description. (TechNet incorrectly refers to MS08-067 as "out-of-band," but the patch is simply out-of-cycle, because it wasn't released on Microsoft's usual Patch Tuesday monthly cycle.)

and i don't want to hear anything from the unix users :p

10-24-2008, 05:11 AM
Meh. Unless windows prompts me to do the update or does it while i'm sleeping I won't do it, I'll just use ubuntu till then.

10-24-2008, 05:46 AM
it did it automatically for me.

10-24-2008, 05:50 AM
Me too. Although, my computer does not like Service Pack 3, I've had to block it from being reinstalled on my computer.

10-24-2008, 03:01 PM
Although Linux is full of win, I've yet to break free totally. I had for a few weeks but then had to switch back for my programming class.

Mine installed this update automatically at home and at work.

10-24-2008, 06:22 PM
I'll admit, I usually boot vista as I so rarely have problems with it and I'm also a gamer. Occasionally, vista applies updates at night and when it restarts it boots ubuntu and at midnight I hear the drums and I'll just swear because it means I basically have to restart.