A new critical vulnerability was announced today that could lead to remote code execution against Windows operating systems (specifically Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008). And, unless you are running Windows Vista or Windows Server 2008*, this exploit even works for non-authenticated users – remotely!
In short, this means that this exploit could be turned into a new Internet Worm. In fact, consistent exploit code has already been discovered in limited, targeted attacks, which is precisely why this update is a "zero day" update. It needs to be patched now, folks. Don’t delay. Again, the vulnerability can be exploited consistently, remotely, and without authentication. These three factors are not good in combination.
Needless to say, this kind of exploit is potentially very damaging, and the wise administrators among us will reduce their exposure immediately – either by applying the update or, if updating is not an option due to a lengthy testing and deployment process, by temporarily disabling the Computer Browser and Server services. See the bulletin linked below for details on how to perform these actions.
For more information and to download the update (Select your OS version): http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
To get the Update directly from Microsoft Update (US Site): http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
* If you are running Windows Vista or Windows Server 2008, the update severity is mitigated by the likelihood that the exploit will only work for authenticated users, even with UAC turned off. Plus, improvements like ASLR (Address Space Layout Randomization) make the vulnerability harder to exploit. It’s nice to see the security investment we made in Windows Vista and Windows Server 2008 paying off in situations like this.