Emergency Windows patch issued to solve ‘critical’ XP issue
Microsoft has issued a rare emergency patch for Windows. It fixes a problem ranked as ‘critical’ in Windows 2000 and XP, though less risky in Vista.
In the absence of a firewall, this vulnerability could allow a hacker to gain control of a machine without any user action to authenticate them. In Vista and Server 2008, the user would have to authenticate the attack, which is why the problem is only rated ‘important’ for those systems.
The specific problem lies in Microsoft’s Remote Procedure Call, a system used when there’s a legitimate need for somebody on one machine to run an activity on another machine. The biggest worry with a security gap in that system is that it could allow a ‘worm’ to spread malicious software across a chain of machines extremely quickly.
It’s very uncommon for Microsoft to issue a security update outside of the monthly ‘Patch Tuesday’ release: the last time it happened was April 2007. It would usually only happen when the consequences are particularly serious and there’s already evidence of hackers knowing about and exploiting the problem.
Microsoft has confirmed there have been “limited, targeted attacks attempting to exploit the vulnerability” but hasn’t said if they’ve been successful. The Washington Post quotes a source as saying there have been fewer than 100 attempted attacks recorded, but a recent increase in the rate of attempts prompted the emergency patch.
Microsoft’s bulletin on the update says a firewall can help protect against the type of attack the patch is designed to block. However, if you’re running XP and don’t have it set to automatically download and install Windows Updates, this really is one you should install manually ASAP.
There will be a special Microsoft webcast about the patch tonight (Thursday) at 1pm Pacific time. It will later be available for on-demand replay at http://www.microsoft.com/technet/security/bulletin/summary.mspx, listed under Information About Microsoft October Out-of-Band Security Bulletin.

October 24th, 2008
The patch has been reverse engineered in 2 hours.
November 28th, 2008
Why don’t you give people an easy way to check for this by supplying the basic information of the update, like the MS or KB #’s, so they can check their systems and see if it’s installed or not? You’re linking to the technical aspects and a lot of people don’t have a clue.
Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (KB958644)