
Alert Windows emergency security update! What does this mean?

This was sent by our IT support; I need help understanding what is going on. How serious is this issue?

This was the letter:
Microsoft has issued an emergency security update to address a critical vulnerability in all supported versions of Windows. Since Microsoft rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month, we're considering this security threat to be quite serious.
The problem is considered critical on Windows 2000, Windows XP and Windows Server 2003, meaning this is a vulnerability that can be exploited through little or no help from the user. Microsoft describes the flaw as "important" on Windows Vista and Windows Server 2008 machines (however, if the User Account Control is disabled on Vista, then it becomes critical just as on XP and 2000).
Here are a few details: the vulnerability lies with Microsoft's implementation of "remote procedure call" (RPC), a communications technology deeply embedded in the Windows operating system that allows a program to execute another process on a remote system. The RPC attack is levied against the Server service, which is present on all Microsoft operating systems, even desktop operating systems. RPC vulnerabilities are extremely dangerous, as they can be used by a computer worm to quickly spread malicious software to machines on a network.
Most computer systems and networks download these patches automatically, however many servers are configured to manually install these patches to eliminate possible problems. These patch installations are typically done by our support personnel on a regular basis. This patch will require us to install it outside of the normal scheduled install time. If this will impact your systems or access we will contact you and let you know.
It's also a good idea to verify any home computers you or your co-workers have are protected. You can verify this by using Internet Explorer, and from the Tools Menu, selecting Windows Update.

In simple and shorter terms; help me understand.
Asked by: dhidalgo

Rich Rumble (Security Samurai) Commented:
It is a VERY serious flaw in M$ OSes, basically allowing someone to gain access to your PC with no need for a username or password, and then run whatever code they want to run on your PC.
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
So visit windows update, and run through the process: http://update.microsoft.com/microsoftupdate/

There are mitigating factors: if you're behind a firewall, and no incoming traffic is allowed, you're fine. If your PC has its firewall turned on and does not allow access to ports 135-139 and/or port 445, you're fine. There are others as well; read the full bulletin for those details.
-rich
 
TurboBorland Commented:
The reason why it's rated "critical" on 2000, XP, and Server 2003 is because the exploit is an unauthenticated remote code execution that's possibly wormable. Although, it is unlikely that the exploit would spread due to what needs to be allowed in order for it to work (no firewall or file/print sharing enabled globally). Most people have a firewall that doesn't allow inbound/any connections to ports 139 & 445, so it would only be exploitable in your LAN, meaning not wormable unless it's spread from the inside. Also, the extra security (authentication before access to the above ports) in Windows Vista and Server 2008 makes the exploit not even able to allow remote code execution, which is why the rating is only "important" and not "critical" for them. Actually, the exploit is only really a DoS (denial of service) for those operating systems.
I would update in case the exploit is improved upon and made worse/more effective; it happens a lot.
For more specific information about each operating system and how it's affected, look at:
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
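
Both answers rest on the same mitigation: nothing outside the PC can reach TCP 139 or 445 (and 135). The following check is an added example, not part of the original thread; the function names are this example's own, and it is meant to be run from a second machine against a PC you administer to confirm what the firewall actually lets through.

```python
import socket
import sys

# TCP ports named in the answers above. 137 and 138 also fall in the
# 135-139 range but are UDP NetBIOS services, so a TCP connect test
# does not cover them.
SMB_RPC_TCP_PORTS = (135, 139, 445)


def probe(host, port, timeout=1.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing listening
    except OSError:
        return "filtered"    # timeout or unreachable: traffic is being dropped
    finally:
        s.close()


def exposure(host, ports=SMB_RPC_TCP_PORTS, timeout=1.0):
    """Return {port: state} for every port of interest on one host."""
    return {port: probe(host, port, timeout) for port in ports}


def is_exposed(report):
    """True if any of the checked ports accepted a connection."""
    return any(state == "open" for state in report.values())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = exposure(target)
    for port, state in sorted(result.items()):
        print(f"{target}:{port}/tcp {state}")
    print("patch urgently: reachable over the network" if is_exposed(result)
          else "not reachable from here; still install the update")
```

A result of "filtered" is what a firewall that silently drops inbound traffic looks like, while "closed" means the host itself refused the connection.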
 
dhidalgo (Author) Commented:
Thanks