Alert Windows emergency security update! What does this mean?

Posted on 2008-10-24
Last Modified: 2012-05-05
This was sent by our IT support; I need help understanding what is going on. How serious is this issue?

This was the letter:
Microsoft has issued an emergency security update to address a critical vulnerability in all supported versions of Windows. Since Microsoft rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month, we're considering this security threat to be quite serious.
The problem is considered critical on Windows 2000, Windows XP and Windows Server 2003, meaning this is a vulnerability that can be exploited through little or no help from the user. Microsoft describes the flaw as "important" on Windows Vista and Windows Server 2008 machines (however, if the User Account Control is disabled on Vista, then it becomes critical just as on XP and 2000).
Here are a few details: the vulnerability lies with Microsoft's implementation of "remote procedure call" (RPC), a communications technology deeply embedded in the Windows operating system that allows a program to execute another process on a remote system. The RPC attack is levied against the Server service, which is present on all Microsoft operating systems, even desktop operating systems. RPC vulnerabilities are extremely dangerous, as they can be used by a computer worm to quickly spread malicious software to machines on a network.
Most computer systems and networks download these patches automatically; however, many servers are configured to manually install these patches to eliminate possible problems. These patch installations are typically done by our support personnel on a regular basis. This patch will require us to install it outside of the normal scheduled install time. If this will impact your systems or access we will contact you and let you know.
It's also a good idea to verify any home computers you or your co-workers have are protected. You can verify this by using Internet Explorer, and from the Tools Menu, selecting Windows Update.

In simple and shorter terms; help me understand.
Question by:dhidalgo

Accepted Solution

by:
Rich Rumble earned 750 total points
ID: 22801122
It is a VERY serious flaw in M$ OSes, basically allowing someone to gain access to your PC with no need for a username or password, and then run whatever code they want to run on your PC.
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
So visit windows update, and run through the process: http://update.microsoft.com/microsoftupdate/

There are mitigating factors: if you're behind a firewall, and no incoming traffic is allowed, you're fine. If your PC has its firewall turned on and does not allow access to ports 135-139 and/or port 445, you're fine. There are others as well; read the full bulletin for those details.
-rich

Assisted Solution

by:TurboBorland
TurboBorland earned 750 total points
ID: 22807917
The reason why it's rated "critical" to 2000, XP, and Server 2003 is because the exploit is an unauthenticated remote code execution that's possibly wormable. Although, it is unlikely that the exploit would spread due to what needs to be allowed in order for it to work (no firewall or file/print sharing enabled globally). Most people have a firewall that doesn't allow inbound/any connections to ports 139 & 445, so it would only be exploitable in your LAN, meaning not wormable unless it's spread from the inside. Also, the extra security (authentication before access to the above ports) in Windows Vista and Server 2008 makes the exploit not even able to allow remote code execution, which is why the rating is only "important" and not "critical" for them. Actually, the exploit is only really a DoS (denial of service) for those operating systems.
I would update in case the exploit is improved upon and made worse/more effective; it happens a lot.
For more specific information about each operating system and how it's affected, look at:
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
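
A read-only check of the firewall condition both answers describe, as an added example that is not part of the original posts: it lists the enabled inbound allow rules on the local Windows Firewall that cover ports 135-139 or 445, alongside the profile defaults and the state of the Server service. It assumes a current Windows version with the NetSecurity PowerShell cmdlets (not the 2008-era systems in the thread); `Test-CoversWatchedPort` is a helper name introduced here.

```powershell
# Added example (read-only): which inbound allow rules expose the ports
# named in the answers above (135-139 and 445)?
$watched = @(135..139) + 445

# Hypothetical helper: does a rule's LocalPort list cover a watched port?
function Test-CoversWatchedPort {
    param([string[]]$LocalPort)
    foreach ($spec in $LocalPort) {
        # 'RPCEPMap' is the firewall keyword for the RPC endpoint mapper (TCP 135)
        if ($spec -eq 'Any' -or $spec -eq 'RPCEPMap') { return $true }
        if ($spec -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
            if ($watched | Where-Object { $_ -ge $lo -and $_ -le $hi }) { return $true }
        }
        elseif ($spec -match '^\d+$' -and $watched -contains [int]$spec) { return $true }
    }
    return $false
}

# Is the firewall on, and does each profile block inbound traffic by default?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize

# The Server service (LanmanServer) is the component the bulletin concerns
Get-Service -Name LanmanServer | Select-Object Name, Status | Format-Table -AutoSize

# Enabled inbound allow rules whose port filter covers a watched port
$exposed = foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True)) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin 'TCP', 'UDP', 'Any') { continue }
    if (-not (Test-CoversWatchedPort $pf.LocalPort)) { continue }
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        Protocol      = $pf.Protocol
        LocalPort     = $pf.LocalPort -join ','
        RemoteAddress = $af.RemoteAddress -join ','
    }
}

if ($exposed) { $exposed | Sort-Object Profile, Rule | Format-Table -AutoSize }
else { 'No enabled inbound allow rule covers ports 135-139 or 445.' }
```

Rules that apply to the Public profile with a RemoteAddress of Any are the ones that contradict the "behind a firewall" condition; rules limited to LocalSubnet match the LAN-only exposure described in the second answer.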

Author Closing Comment

by:dhidalgo
ID: 31509842
Thanks