http://www.theregister.co.uk/2008/10/23/emergency_windows_update/ By Dan Goodin in San Francisco The Register P23rd October 2008 Updated - Microsoft has released an emergency security update for a broad swath of its users that patches a critical security hole that is already being exploited in the wild. The vulnerability - which has been subjected to "limited, targeted attacks" - could allow miscreants to create wormable exploits that remotely execute malicious code on vulnerable machines, Microsoft said. No interaction is required from the end user. It was the first patch released outside Microsoft's regular update cycle in 18 months. "This is a remote code execution vulnerability," Microsoft's out-of-band advisory warned. "An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely." The vulnerability stems from the failure of Windows server service to properly vet remote procedure call (RPC) requests for malicious content. The service handles the sharing of printers, disk and other resources over a network. It also allows applications on one networked computer to communicate with applications on another machine. [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Fri Oct 24 2008 - 02:08:54 PDT
This archive was generated by hypermail 2.2.0 : Fri Oct 24 2008 - 02:19:59 PDT