The InformationWeek -- Blogs

Security

Topics:   Security

  • Email this page E-mail this page
  • Print this page Print this page
  • Bookmark and Share
  • icon

Microsoft Issues Emergency Advisory


Posted by George Hulme, Oct 27, 2008 11:48 PM

Just last week we warned admins and end users alike that they'd better apply the patch released last week in security update MS08-067. Today, Microsoft warned users that exploits that target the vulnerability are circulating in the wild. Hate to say it: Told You So.

This is from the advisory (958963) released today:

Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.

Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS08-067 on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.


A quick translation: It looks like Vista isn't affected by this specific exploit (but is vulnerable to the flaw that was patched on Oct. 23), but XP, Windows 2000, and Windows Server 2003 all remain at-risk if not patched. The good news: no worm yet.

History says these types of exploits can be fairly straightforward to flip into a worm. So we're not out of the water yet, and if you haven't patched it's still a very good idea to do so.

Here's the original Microsoft Security Bulletin MS08-067.

« More Cloud Computing Startups | Main | Google Adds Calendar Notifications To Gmail »



Sign Up Now
For InformationWeek News Alerts




This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


 
 

  1. Detecting Scalability Problems With Intel Parallel Universe Portal
  2. Just Say No To SFAQL Parallelism
  3. QuickThread: A New C++ Multicore Library
Join The InformationWeek Group On LinkedIn


                           


  1. AT&T, T-Mobile, Verizon All Offering Black Friday Sales
  2. Best Buy Rolls Out $99 Android Sale
  3. Apple Says Users To Blame For iPhone Virus
  4. iPhone And Android Dominate Mobile Web Browsing

  1. Practical Analysis: Smartphones -- Passion To Profit And Productivity
  2. Stay On Top of Source Code Security Flaws
  3. Down To Business: How Indian CIOs Stack Up
  4. CIO Profiles: John P. Burke, CIO Of Ambit Energy
  5. How Cloud Computing Changes IT Organizations
  6. Understanding Private Cloud Storage

 
  Ars Technica
Boing Boing
Channel 9 Forums
CRN Blogs
Dr.Dobb's Portal: Blogs
Engadget
Gizmodo
GrokLaw 		  Lifehacker
Schneier on Security
Slashdot
TechCrunch
Techdirt
Techmeme
Valleywag
  DECEMBER 2008
NOVEMBER 2008
OCTOBER 2008
SEPTEMBER 2008
AUGUST 2008
JULY 2008
JUNE 2008
MAY 2008 		  APRIL 2008
MARCH 2008
FEBRUARY 2008
JANUARY 2008
DECEMBER 2007
NOVEMBER 2007
OCTOBER 2007
SEPTEMBER 2007