Solved

Alert Windows emergency security update! What does this mean?

Posted on 2008-10-24
Last Modified: 2012-05-05
This was sent by our IT support; I need help understanding what is going on. How serious is this issue?

This was the letter:
Microsoft has issued an emergency security update to address a critical vulnerability in all supported versions of Windows. Since Microsoft rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month, we're considering this security threat to be quite serious.
The problem is considered critical on Windows 2000, Windows XP and Windows Server 2003, meaning this is a vulnerability that can be exploited through little or no help from the user. Microsoft describes the flaw as "important" on Windows Vista and Windows Server 2008 machines (however, if the User Account Control is disabled on Vista, then it becomes critical just as on XP and 2000).
Here are a few details: the vulnerability lies with Microsoft's implementation of "remote procedure call" (RPC), a communications technology deeply embedded in the Windows operating system that allows a program to execute another process on a remote system. The RPC attack is levied against the Server service, which is present on all Microsoft operating systems, even desktop operating systems. RPC vulnerabilities are extremely dangerous, as they can be used by a computer worm to quickly spread malicious software to machines on a network.
Most computer systems and networks download these patches automatically; however, many servers are configured to manually install these patches to eliminate possible problems. These patch installations are typically done by our support personnel on a regular basis. This patch will require us to install it outside of the normal scheduled install time. If this will impact your systems or access we will contact you and let you know.
It's also a good idea to verify any home computers you or your co-workers have are protected. You can verify this by using Internet Explorer, and from the Tools Menu, selecting Windows Update.

In simple and shorter terms, help me understand.
0
Question by:dhidalgo
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 750 total points
ID: 22801122
It is a VERY serious flaw in M$ OS's, basically allowing someone to gain access to your PC with no need for a username or password, and then run whatever code they want to run on your PC.
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
So visit windows update, and run through the process: http://update.microsoft.com/microsoftupdate/

There are mitigating factors: if you're behind a firewall and no incoming traffic is allowed, you're fine. If your PC has its firewall turned on and does not allow access to ports 135-139 and/or port 445, you're fine. There are others as well; read the full bulletin for those details.
-rich
0
 
LVL 4

Assisted Solution

by:TurboBorland
TurboBorland earned 750 total points
ID: 22807917
The reason why it's rated "critical" for 2000, XP, and Server 2003 is because the exploit is an unauthenticated remote code execution that's possibly wormable.  Although, it is unlikely that the exploit would spread due to what needs to be allowed in order for it to work (no firewall or file/print sharing enabled globally).  Most people have a firewall that doesn't allow inbound/any connections to ports 139 & 445, so it would only be exploitable in your LAN, meaning not wormable unless it's spread from the inside.  Also, the extra security (authentication before access to the above ports) in Windows Vista and Server 2008 makes the exploit not even able to allow remote code execution, which is why the rating is only "important" and not "critical" for them.  Actually, the exploit is only really a DoS (denial of service) for those operating systems.
I would update in case the exploit is improved upon and made worse/more effective; it happens a lot.
For more specific information about each operating system and how it's affected, look at:
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
0
 

Author Closing Comment

by:dhidalgo
ID: 31509842
Thanks
0
