Solved

Alert Windows emergency security update! What does this mean?

Posted on 2008-10-24
Last Modified: 2012-05-05
This was sent by our IT support; I need help understanding what is going on?  How serious is this issue?

This was the letter:
Microsoft has issued an emergency security update to address a critical vulnerability in all supported versions of Windows. Since Microsoft rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month, we're considering this security threat to be quite serious.
The problem is considered critical on Windows 2000, Windows XP and Windows Server 2003, meaning this is a vulnerability that can be exploited through little or no help from the user. Microsoft describes the flaw as "important" on Windows Vista and Windows Server 2008 machines (however, if the User Account Control is disabled on Vista, then it becomes critical just as on XP and 2000).
Here are a few details: the vulnerability lies with Microsoft's implementation of "remote procedure call" (RPC), a communications technology deeply embedded in the Windows operating system that allows a program to execute another process on a remote system. The RPC attack is levied against the Server service, which is present on all Microsoft operating systems, even desktop operating systems. RPC vulnerabilities are extremely dangerous, as they can be used by a computer worm to quickly spread malicious software to machines on a network.
Most computer systems and networks download these patches automatically; however, many servers are configured to manually install these patches to eliminate possible problems. These patch installations are typically done by our support personnel on a regular basis. This patch will require us to install it outside of the normal scheduled install time. If this will impact your systems or access we will contact you and let you know.
It's also a good idea to verify any home computers you or your co-workers have are protected. You can verify this by using Internet Explorer, and from the Tools Menu, selecting Windows Update.

In simple and shorter terms; help me understand.
0
Question by:dhidalgo
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 22801122
It is a VERY serious flaw in M$ OS's, basically allowing someone to gain access to your PC with no need for a username or password, and then run whatever code they want to run on your PC.
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
So visit windows update, and run through the process: http://update.microsoft.com/microsoftupdate/

There are mitigating factors: if you're behind a firewall, and no incoming traffic is allowed, you're fine. If your PC has its firewall turned on and does not allow access to ports 135-139 and/or port 445, you're fine. There are others as well; read the full bulletin for those details.
-rich
0
 
LVL 4

Assisted Solution

by:TurboBorland
TurboBorland earned 250 total points
ID: 22807917
The reason why it's rated "critical" to 2000, XP, and Server 2003 is because the exploit is an unauthenticated remote code execution that's possibly wormable.  Although, it is unlikely that the exploit would spread due to what needs to be allowed in order for it to work (no firewall or file/print sharing enabled globally).  Most people have a firewall that doesn't allow inbound/any connections to ports 139 & 445, so it would only be exploitable in your LAN, meaning not wormable unless it's spread from the inside.  Also, the extra security (authentication before access to the above ports) in Windows Vista and Server 2008 makes the exploit not even able to allow remote code execution, which is why the rating is only "important" and not "critical" for them.  Actually, the exploit is only really a DoS (denial of service) for those operating systems.
I would update in case the exploit is improved upon and made worse/more effective; it happens a lot.
For more specific information about each operating system and how it's affected, look at:
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
0
 

Author Closing Comment

by:dhidalgo
ID: 31509842
Thanks
0
