Attacks on MS08-067

As we were pushing on our Out-of-Band release earlier this month we tried to make you understand that immediate deployment is needed as the vulnerability is high risk. Otherwise we would not have gone out of band…

Interestingly enough, we have not seen widespread attacks since now. Earlier today now we released different pieces of information on the two key blogs on that:

• Microsoft Security Response Center: MS08-067 Update: November 25
• Microsoft Malware Protection Center: More MS08-067 Exploits

The reason why I post and why this attacks makes me a little bit nervous is that I hear from too many customers still that they did not yet deploy and the reason behind is that “they heard that we might have issues with this update”. Sorry, this is blank nonsense.

To be clear: Out of all support cases Microsoft has received regarding MS08-067, all of them (and I mean all – no exception) turned out to be caused by another issue and/or mis-configuration and not MS08-067! So, there were no issues with this update so far.

It is your choice now to decide whom you base your risk assessment on: On some web pages telling you that they heard or on us.

Whatever you do, base your risk assessment on the fact that there is somebody out there exploiting the vulnerability

Roger