October 23, 2008
Microsoft released an 'out of band' security bulletin and software patch on Thursday, Oct 23, 2008, to address a serious emerging security issue for Windows systems.
This is an unusual occurrence, since Patch Tuesday generally covers most Microsoft vulnerabilities.
The update addresses a vulnerability with RPC calls which can be referenced from SMB connections. As many will recall, worms such as Blaster and its kin were able to propagate through RPC/DCOM vulnerabilities, and this flaw is in a very similar area of code. Microsoft has detected limited, targeted attacks exploiting this flaw in the wild. It is expected that, with the release of the update, much more of the hacker community will become aware of how to exploit this flaw, which could lead to a major worm outbreak or botnet activity.
The directive from the Case Information Security Office is for users and administrators to address this issue immediately by assessing your infrastructure for applicability, testing the patches, and applying them as soon as possible. This action is necessary for systems that do not receive automatic updates, and in particular for Active Directory OU Administrators. For users with automated updates enabled, the patch should be applied automatically.
We recommend you manually check for updates via update.microsoft.com. As a reminder, Case Tier I controls suggest automated updates to meet the mandatory patching requirement.
Here are a few FAQ items related to this security update (thanks to SecuriTeam for guidance here based upon their content).
Q: Which Windows versions are affected?
A: Microsoft Windows 2000, Windows XP, Windows Vista, Windows 2003 Server and Windows Server 2008 systems are affected.
Q: I manage my own Windows systems (e.g. my laptop). Is it possible to update my system in a normal way via Microsoft Update?
A: Yes, visiting the Microsoft Update Web site at http://update.microsoft.com/ will update the system against exploitation of the vulnerability. If Automatic Updates (Windows XP or Vista) is enabled, the system will be updated automatically without any user action.
Q: I am using the Windows 7 Pre-Beta version. Is my operating system affected?
A: According to Microsoft, it is affected too. An update is available (see MS08-067).
Posted by Thomas Siu at 03:19 PM