[ISN] Microsoft rushes out emergency Windows security fix

From: InfoSec News <alerts_at_private>
Date: Fri, 24 Oct 2008 04:08:54 -0500 (CDT)

By Dan Goodin in San Francisco
The Register
P23rd October 2008

Updated - Microsoft has released an emergency security update for a 
broad swath of its users that patches a critical security hole that is 
already being exploited in the wild.

The vulnerability - which has been subjected to "limited, targeted 
attacks" - could allow miscreants to create wormable exploits that 
remotely execute malicious code on vulnerable machines, Microsoft said. 
No interaction is required from the end user. It was the first patch 
released outside Microsoft's regular update cycle in 18 months.

"This is a remote code execution vulnerability," Microsoft's out-of-band 
advisory warned. "An attacker who successfully exploited this 
vulnerability could take complete control of an affected system 

The vulnerability stems from the failure of Windows server service to 
properly vet remote procedure call (RPC) requests for malicious content. 
The service handles the sharing of printers, disk and other resources 
over a network. It also allows applications on one networked computer to 
communicate with applications on another machine.


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Fri Oct 24 2008 - 02:08:54 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 24 2008 - 02:19:59 PDT