MS08-067 Released


Hi,


This is Christopher Budd. Following up on my post from last night, I wanted to let you know that we’ve released MS08-067 today.


This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. To help you better understand the details around the vulnerability, my colleagues over at the Security Vulnerability Research & Defense blog have provided some more information here. Also, Michael Howard has provided some background on the vulnerability from the Security Development Lifecycle perspective here.


In addition, to releasing a security update to address the vulnerability, we’ve also taken steps to help enable broader protections for customers. Specifically, our colleagues in the Microsoft Malware Protection Center have released updated signatures that can enable Microsoft Forefront and Microsoft OneCare to protect against current attempts to exploit the vulnerability (Exploit:Win32/MS08067.gen!A). You can read about what they’re doing to help protect here. We have also provided information to our security partners in our Microsoft Active Protections Program and our Microsoft Security Response Alliance Program. We encourage all customers to update the signatures for their security protection products to help provide protections while they’re testing and deploying these updates.


We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems that we discovered about two weeks ago through our ongoing monitoring. As we investigated these attacks we found they were utilizing a new vulnerability and initiated our Software Security Incident Response Process (SSIRP). As we analyzed the vulnerability in our SSRP process, we found that this vulnerability was potentially wormable on Windows XP and older systems. Our analysis also showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly. Based on those two factors, we felt that it was in the best interest of customers for us to release this update before the regular November release cycle.We have also have detection for the malware we found used in attacks exploiting this vulnerability (TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Gimmiv.A.dll) in the signatures the MMPC is releasing today and sharing that information with our partners.


We aren’t done when we release an update.  Our Customer Service and Support teams are ready to support customers as they deploy the update. And our security teams, and our partners, are monitoring for active attacks against this vulnerability. As always, we’ll update you with any information that we have as it develops.


In the meantime, we encourage you to test and deploy the security updates and security software signatures as soon as possible.


Thanks,


Christopher


*This posting is provided “AS IS” with no warranties, and confers no rights.*


Comments (30)

  1. Anonymous says:

    I wanted to call your attention to a critical, out-of-band Microsoft Security Bulletin released today.

  2. Anonymous says:

    E’ stato rilasciato il bollettino di sicurezza Microsoft straordinario (Out-of-Band) " MS08-067

  3. Anonymous says:

    Comme annoncé, un bulletin de sécurité vient d’être publié : MS08-067 – Une

  4. Anonymous says:

    Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote

  5. Anonymous says:

    Hola a todos, como actualización a la información entregada anoche, hoy hemos liberado el boletin MS08-67

  6. Anonymous says:

    Ich gehe davon aus, dass ihr alle davon gehört habt und auch schon den Patch überall drauf

  7. Anonymous says:

    Remember when I said we posted an advance notification of an out-of-band security bulletin that was going

  8. Anonymous says:

    Kurzbeschreibung: Sicherheitsupdate, das eine kritische Lücke in der Netzwerkprogramm(ier)schnittstelle (API) von Windows bzw. dem zugehörigen Windows Server Dienst/RPC schließen soll, durch die ein Angreifer von außen in ein Windows-System eindringen

  9. Anonymous says:

    Un bulletin de sécurité vient d’être publié hors cycle des Tuesday patch ( http://www.microsoft.com/france/technet/security/bulletin/MS08-067.mspx

  10. Anonymous says:

    Un bulletin de sécurité vient d’être publié hors cycle des Tuesday patch ( http://www.microsoft.com/france/technet/security/bulletin/MS08-067.mspx

  11. Anonymous says:

    Un bulletin de sécurité vient d’être publié hors cycle des Tuesday patch ( http://www.microsoft.com/france/technet/security/bulletin/MS08-067.mspx

  12. Anonymous says:

    Un bulletin de sécurité vient d’être publié hors cycle des Tuesday patch ( http://www.microsoft.com/france/technet/security/bulletin/MS08-067.mspx

  13. Anonymous says:

    Un bulletin de sécurité vient d’être publié hors cycle des Tuesday patch ( http://www.microsoft.com/france/technet/security/bulletin/MS08-067.mspx

  14. Anonymous says:

    Bulletin de securite MS08-067- Correctif de securite a appliquer tres rapidement Un bulletin de sécurité

  15. Anonymous says:

    Hola a todos, como actualización a la información entregada anoche, hoy hemos liberado el boletin MS08-67

  16. Anonymous says:

    Microsoft issues emergency security patch MS08-067 PATCH NOW — This is especially true if you use XP

  17. Anonymous says:

    Microsoft issues emergency security patch MS08-067 PATCH NOW — This is especially true if you use XP

  18. Anonymous says:

    Hola a todos. Esta actualización , la cual liberamos fuera de un martes por su importancia, es importante

  19. Anonymous says:

    Днес бе публикуван критичен патч за практически всички поддържани версии на Windows. Патчът “запушва” 

  20. Anonymous says:

    Before we spend some time talking about the Extended Hotfix Support program for DST, I thought it would

  21. Anonymous says:

    0 vote There are reports emerging Friday morning of a new Trojan exploiting the MS08-067 RPC vulnerability in Windows that Microsoft patched with an emergency fix yesterday. Known as Gimmiv.A, the Trojan propagates automatically through networks, and

  22. Anonymous says:

    Hello everyone, This is Christopher Budd once again. As I said in my last post , we aren’t done when

  23. Anonymous says:

    Hello everyone, This is Christopher Budd once again. As I said in my last post , we aren’t done when

  24. Anonymous says:

    Register now for the November 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index

  25. Anonymous says:

    Register now for the November 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index

  26. Anonymous says:

    Hey folks, Mike Reavey here, It’s been almost five days since we originally released MS08-067 , and our

  27. Anonymous says:

    Hey folks, Mike Reavey here, It’s been almost five days since we originally released MS08-067 , and our

  28. Anonymous says:

    A couple of weeks ago Microsoft released an out-of-band security update in bulletin MS08-067 . Looking

  29. Anonymous says:

    Aggiornato il 18/12/2008 ore 12:00 Dicembre 2008 17 dicembre: rilascio straordinario (OOB) bollettino