Microsoft has some important news that we need to get out in every way possible. I received an e-mail with a good “script” that describes the situation pretty well. Here it is (highlighting is my own):
“Today, Microsoft released security update MS08-067 to address a new vulnerability in all affected versions of Windows products, which could allow remote code execution. To address this issue, Microsoft initiated its Software Security Incident Response Process to investigate the issue thoroughly and developed a security update to protect customers.
Based on its ongoing monitoring of the threat environment, Microsoft determined it was in the best interest of customers to release this update outside of its usual monthly release cycle. At this present time, Microsoft has determined there have only been limited and targeted attacks. Microsoft encourages customers to test and deploy this update as soon as possible.
MS08-067 has a maximum severity rating of Important for Windows Vista and Windows Server 2008 and a maximum severity rating of Critical for all earlier versions of Microsoft Windows.
I’m calling to ensure you’re aware of this critical security vulnerability as an attacker could exploit this without authentication to run arbitrary code. Immediately updating your anti-virus signatures, running windows update to install the latest patches form Microsoft and ensuring firewall best practices and standard default firewall configurations are strongly recommended by Microsoft. For more information and the updates please visit http://www.microsoft.com/protect.
For additional Support assistance, please contact Microsoft Product Support Services at 1-866-PCSAFETY.”
Check those links for more information, and get your machines updated ASAP, folks.