* Microsoft out-of-band patch - Severity Critical
Update #5 (updated):
As Sourcefire have their sigs available, i would recommend to use these as they have been released via the MAPP program with Microsoft and offer broader coverage.
Update #4:
Some further details are available at the SWI blog in relation to the impact of the netapi32.dll vulnerability.
Updated #3:
Christopher at the MSRC blog posted a short while ago more information. There is much more discussion of the inner workings of the discovery and Microsoft's response to this critical vulnerability. Read it at blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
Updated #2
As reported earlier today, Microsoft released a critical update today for Windows Operating System. The update addresses a vulnerability with RPC calls which can be referenced from SMB connections. As most of you remember, worms such as Blaster and its kin were able to propagate through RPC/DCOM vulnerabilities and is in a very similar area of code. Microsoft has detected limited, targeted attacks exploiting this flaw in the wild. It is expected that with the release of the update, much more of the hacker community will become aware of how to exploit this and create a major worm outbreak or botnet activity.
On our initial reviewed of the information available from Microsoft, we believe that client computers need to be updated with all due haste. Windows 2000, XP, and Server 2003 are listed as critical. Windows Vista and Server 2008 is only listed as important due to the additional security features with these newer operating systems.
More information is available at www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
Original Post: 2008-10-23 12:16:16 UTC
Microsoft has just released an advance notification of an out-of-band update to be released on 23rd of October. They will hold a special webcast on the 23rd at 1:00 pm PT to discuss the release. The patch will be released at 10.00 am.
The information in the bulletin mentions a remote code exploit, but no further details are provided, however a restart will be required.
Microsoft rates the issue as critical for 2000/XP/2003 and important for vista/2008.
If we get more information we'll update this diary.
Mark
ps thanks to some very fast ISC supporters for letting us know.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago