Update on MS08-067

Hello everyone,


This is Christopher Budd once again. As I said in my last post, we aren’t done when we release an update. Our response teams are constantly watching the situation around the world to understand as much as possible what’s going on with things like the threat environment and the state of security update deployments.


Based on some of our latest situation reports I wanted to provide you with an update as of this morning. You’ve told us it’s helpful for you to have this information on an ongoing basis.


In terms of the security update itself, we’re seeing strong deployments worldwide. We also have no reports of known issues with the security update at this time.


In terms of the overall threat environment, we’ve not seen any major changes so far. We are aware that people are working to develop reliable public exploit code for the vulnerability. We are aware of discussion about code posted on a public site, but our analysis has shown that this code, posted to demonstrate the vulnerability, always results in a denial of service. So far, we’ve not seen evidence of public, reliable exploit code showing code execution.


Additionally, we’re not aware of any broad attacks or new malware seeking to exploit this vulnerability since we released the security update on Thursday. While there have been a couple of reports of a “new worm”, these reports are inaccurate: they’re talking about malware we found in our investigation of the original targeted and limited attacks that we talked about in our posting on Thursday. Specifically, these reports are talking about TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Arpoc.A (which is the specific attack associated with Exploit:Win32/MS08067.gen!A). Both of these are trojans, not self-replicating worms.


While deployments of the updates are happening quickly and relatively smoothly, and the threat environment hasn’t changed significantly since Thursday, we don’t want customers to take that as a sign to decrease their pace of, or even delay, deployments for this update. This is a Critical vulnerability that is being actively attacked, though so far in a limited, targeted fashion. Those were the reasons we released this update out-of-band, and they are why we continue to urge customers to aggressively test and deploy this update as soon as possible.


In addition, we are not relaxing our vigilance here. Our teams around the world continue to work around the clock, watching for any changes in the threat environment or issues that could impact customers’ ability to deploy these updates. As always, we will let you know through the MSRC weblog of any changes in this situation.




*This posting is provided “AS IS” with no warranties, and confers no rights.*

Comments (8)

  1. Anonymous says:

    In short: “All quiet on the Western Front”. My colleagues both in the USA and everywhere else around

  2. Anonymous says:

    As the Microsoft Security Response Center has appropriately done with their latest post, I too think

  3. Anonymous says:

    Hey folks, Mike Reavey here, It’s been almost five days since we originally released MS08-067, and our

  4. Anonymous says:

    Short description: Security update intended to close a critical hole in the Windows network programming interface (API), or rather the associated Windows Server service and here its RPC ("Remote Procedure Call"), through which an attacker from

  5. Anonymous says:

    Hey folks, Mike Reavey here, It’s been almost five days since we originally released MS08-067, and our

  6. Anonymous says:

    Last week, in the interest of the security of our customers and partners, we have an out-of-band security update

  7. Anonymous says:

    SkyRecon’s StormShield Security Suite protects Windows operating environment even if the latest out-of-band patch (MS08-067) has not been installed.

  8. Anonymous says:

    Updated 18/12/2008 at 12:00 December 2008 17 December: out-of-band (OOB) release bulletin