The InformationWeek -- Blogs
Security

Topics:   Security

  • Email this page E-mail this page
  • Print this page Print this page
  • Bookmark and Share
  • icon

Microsoft Issues Emergency Advisory


Posted by George Hulme, Oct 27, 2008 11:48 PM

Just last week we warned admins and end users alike that they'd better apply the patch released last week in security update MS08-067. Today, Microsoft warned users that exploits that target the vulnerability are circulating in the wild. Hate to say it: Told You So.

This is from the advisory (958963) released today:

Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.

Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS08-067 on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.


A quick translation: It looks like Vista isn't affected by this specific exploit (but is vulnerable to the flaw that was patched on Oct. 23), but XP, Windows 2000, and Windows Server 2003 all remain at-risk if not patched. The good news: no worm yet.

History says these types of exploits can be fairly straightforward to flip into a worm. So we're not out of the water yet, and if you haven't patched it's still a very good idea to do so.

Here's the original Microsoft Security Bulletin MS08-067.

« More Cloud Computing Startups | Main | Google Adds Calendar Notifications To Gmail »



Sign Up Now
For InformationWeek News Alerts




This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


 
 

  1. Sequential Programming: Like Eating Peas with a Straw.
  2. Biomolecular device using self-assembled DNA nanostructures?
  3. Coreinfo v2.0: A Simple Utility to Understand the Manycore Complexity in Windows
Join The InformationWeek Group On LinkedIn


                           


  1. More Reasons Why Linux Misses The Desktop
  2. Too Much Netbook For Too Litl?
  3. Motorola Explains Why Droid Doesn't Have Multi-Touch
  4. Sprint And T-Mobile Headed The Wrong Direction

  1. Microsoft Releases Exchange 2010
  2. Global CIO: Cloud Computing's New Name: Who Will Win $100 Million?
  3. Google Computes News Quality
  4. Internet Use Increases Social Connectivity
  5. Review: Motorola Cliq Smartphone
  6. Florida Hospital Dials Up iPhones For Nurses

 
  Ars Technica
Boing Boing
Channel 9 Forums
CRN Blogs
Dr.Dobb's Portal: Blogs
Engadget
Gizmodo
GrokLaw 		  Lifehacker
Schneier on Security
Slashdot
TechCrunch
Techdirt
Techmeme
Valleywag
  DECEMBER 2008
NOVEMBER 2008
OCTOBER 2008
SEPTEMBER 2008
AUGUST 2008
JULY 2008
JUNE 2008
MAY 2008 		  APRIL 2008
MARCH 2008
FEBRUARY 2008
JANUARY 2008
DECEMBER 2007
NOVEMBER 2007
OCTOBER 2007
SEPTEMBER 2007