Solved

Alert Windows emergency security update! What does this mean?

Posted on 2008-10-24
Last Modified: 2012-05-05
This was sent by our IT support; I need help understanding what is going on. How serious is this issue?

This was the letter:
Microsoft has issued an emergency security update to address a critical vulnerability in all supported versions of Windows. Since Microsoft rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month, we're considering this security threat to be quite serious.
The problem is considered critical on Windows 2000, Windows XP and Windows Server 2003, meaning this is a vulnerability that can be exploited through little or no help from the user. Microsoft describes the flaw as "important" on Windows Vista and Windows Server 2008 machines (however, if the User Account Control is disabled on Vista, then it becomes critical just as on XP and 2000).
Here are a few details: the vulnerability lies with Microsoft's implementation of "remote procedure call" (RPC), a communications technology deeply embedded in the Windows operating system that allows a program to execute another process on a remote system. The RPC attack is levied against the Server service, which is present on all Microsoft operating systems, even desktop operating systems. RPC vulnerabilities are extremely dangerous, as they can be used by a computer worm to quickly spread malicious software to machines on a network.
Most computer systems and networks download these patches automatically, however many servers are configured to manually install these patches to eliminate possible problems. These patch installations are typically done by our support personnel on a regular basis. This patch will require us to install it outside of the normal scheduled install time. If this will impact your systems or access we will contact you and let you know.
It's also a good idea to verify any home computers you or your co-workers have are protected. You can verify this by using Internet Explorer, and from the Tools Menu, selecting Windows Update.

In simple and shorter terms; help me understand.
Question by:dhidalgo
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
It is a VERY serious flaw in M$ OS's, basically allowing someone to gain access to your PC with no need for a username or password, and then run whatever code they want to run on your PC.
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
So visit windows update, and run through the process: http://update.microsoft.com/microsoftupdate/

There are mitigating factors: if you're behind a firewall, and no incoming traffic is allowed, you're fine. If your PC has its firewall turned on and does not allow access to ports 135-139 and/or port 445, you're fine. There are others as well; read the full bulletin for those details.
-rich
 
LVL 4

Assisted Solution

by:TurboBorland
TurboBorland earned 250 total points
The reason why it's rated "critical" for 2000, XP, and Server 2003 is because the exploit is an unauthenticated remote code execution that's possibly wormable.  Although, it is unlikely that the exploit would spread due to what needs to be allowed in order for it to work (no firewall or file/print sharing enabled globally).  Most people have a firewall that doesn't allow inbound/any connections to ports 139 & 445, so it would only be exploitable in your LAN, meaning not wormable unless it's spread from the inside.  Also, the extra security (authentication before access to the above ports) in Windows Vista and Server 2008 makes the exploit not even able to allow remote code execution, which is why the rating is only "important" and not "critical" for them.  Actually, the exploit is only really a DoS (denial of service) for those operating systems.
I would update in case the exploit is improved upon and made worse/more effective; it happens a lot.
For more specific information about each operating system and how it's affected, look at:
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

Author Closing Comment

by:dhidalgo
Thanks