Click On Nothing, Get a Worm Anyway

(((It's been a while since we had a real bust-down-the-house kind of global worm, but a nonclickable worm oughta do it.)))

TOP OF THE NEWS

–Microsoft Issues Out-of-Cycle Patch

(October 22 & 23, 2008)

Microsoft has released an out-of-cycle patch for a critical remote code execution vulnerability today, October 23, 2008. The flaw could be exploited to allow a worm to spread without any user interaction. The flaw affects Windows 2000, XP, Server 2003, Server 2008 and Vista. The "privately reported" vulnerability in the Server service "could allow remote code execution if an affected system received a specially crafted RPC [remote procedure call] request."

http://voices.washingtonpost.com/securityfix/2008/10/microsoft_to_issue_emergency_s_1.html?nav=rss_blog
http://www.securityfocus.com/brief/844
http://www.theregister.co.uk/2008/10/23/windows_emergency_update/
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117878&source=rss_topic17
http://news.cnet.com/8301-1009_3-10074072-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

[Editor's Note (Skoudis): This is big, guys... really big. Enterprise folks should get the patch, test it quickly to make sure it doesn't blow up your environment, and then push it to their production systems.
Kudos to Microsoft for having the guts to go out of cycle when it's really important to do so. Thankfully, they don't have to do this very often. But, now is the time. Patch early and patch often.

(Honan): The first worm to exploit this vulnerability, GIMMIV.A, has already been discovered in the wild:

http://www.sophos.com/security/analyses/viruses-and-spyware/trojgimmiva.html?_log_from=rss

This vulnerability affects the RPC service, which could lead to a worm similar to MSBlaster. US-CERT have issued guidelines on how to mitigate the risk until you test and roll out the patch: http://www.us-cert.gov/cas/techalerts/TA08-297A.html

(Schultz): The fact that Microsoft has alerted special customers of this vulnerability indicates that this vulnerability is extremely serious.
The potential urgency will, however, present Microsoft customers with a tough dilemma–whether to install the patch without the opportunity to sufficiently test it, or to "bite the bullet" and install the patch anyway.]