Out-of-Band Critical Update MS08-067

Started by Corrine, October 23, 2008, 07:27:44 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

The various announcements are linked in my blog post.  This update is particularly critical for anyone operating Windows XP.

http://securitygarden.blogspot.com/2008/10/out-of-band-critical-update-ms08-067.html


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Eric the Red

The same, but this time an explanation for the less technical amongst us

http://www.theregister.co.uk/2008/10/23/emergency_windows_update/

Don't delay, get this update today!
"The time to start running is around about the "e" in "Hey, you!" "

R-C

I got mine early on and had no problems at all with the install it went smoothly.
registered Linux user:476595
May inspiration fill your heart and hands, run down your legs onto your feet and cause Spontaneous Dancing! :dance:

Eric the Red

From the Technet blogs

QuoteMost perimeter firewalls will block exploit attempts from outside your organization

If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability.

However, it is expected that malware writers will be actively attempting to exploit this vulnerability, please apply the update asap.
"The time to start running is around about the "e" in "Hey, you!" "

Corrine

Quote"This vulnerability is pretty nasty," said Miller. "It affects every version of the Windows operating system. Attackers don't need to have any credentials or access to the machine. They don't have to trick the user into doing anything."

His biggest fear, he said, is that a worm will be developed to take over vulnerable machines en masse. And he fully expects that to happen. "You're talking about a vulnerability that does not need user interaction," he said. "That's a gold mine if you're trying to build a botnet."

Echoing Budd's call to action, Miller advises everyone to apply the patch immediately. "Normally I'll tell people you should test the patch," he said. "On something like this, I would definitely just deploy it as soon as possible."

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=211600270


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Eric the Red

Further information on this one from Juha-Matti Laurio of Securiteam

http://blogs.securiteam.com/index.php/archives/1150

QuoteQ: Is the exploit code of this vulnerability publicly released?
A: Yes. On Friday 24th October the proof of concept code was released on a blog of security researcher. The PoC has been released at several well-known exploit and security community Web sites too.
"The time to start running is around about the "e" in "Hey, you!" "