[STEAM-ADVISORY] MS08-067, Critical Windows remote code execution vulnerability
Security Team threat advisory notification list.
steam-advisory at lists.purdue.edu
Thu Oct 23 13:59:08 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
MS08-067, Critical Windows remote code execution vulnerability.
STEAM-ADVISORY NO. 2008102301
PURDUE UNIVERSITY SECURITY TEAM CIRT
23 October 13:45:00 EDT 2008
**** NOTICE ****
Also listed as CVE-2008-4250
Microsoft reports a "limited, targeted attack attempting to exploit this
Today, Microsoft released an out-of-cycle patch to address a critical,
unauthenticated, remote code execution vulnerability in its Windows
operating systems. This vulnerability exists in the Server service and
can be exploited via a specially crafted RPC request. Successful
exploitation gives an attacker complete control over a system.
==AFFECTED SYSTEMS==
* Microsoft Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows XP Professional x64 Edition
* Windows XP Professional x64 Edition Service Pack 2
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2
* Windows Server 2003 x64 Edition
* Windows Server 2003 x64 Edition Service Pack 2
* Windows Server 2003 with SP1 for Itanium-based Systems
* Windows Server 2003 with SP2 for Itanium-based Systems
* Windows Vista and Windows Vista Service Pack 1
* Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1
* Windows Server 2008 for 32-bit Systems
* Windows Server 2008 for x64-based Systems
* Windows Server 2008 for Itanium-based Systems
==DESCRIPTION==
A remote code execution vulnerability in the Windows operating
system has been reported to Microsoft, prompting the release of a
critical out-of-band patch today. Vulnerable systems can be exploited
via a specially crafted RPC request that leverages a flaw in the Server
service of Windows. The exploit does not require the attacker to be
authenticated and can be performed remotely. The attack results in the
compromise of the operating system and allows the attacker to have
complete control of a system.
==RECOMMENDATIONS==
Microsoft recommends that administrators apply this update immediately.
This patch requires a reboot.
Other best practices can also mitigate this threat, such as disabling
unused services and using firewalls at the operating system and network
levels to block TCP ports 139 and 445. Specifically, Microsoft
recommends disabling the Server and Computer Browser services as a
potential workaround if the system cannot be patched immediately.
Alternatively, on Vista and Server 2008, the affected RPC identifier can
be filtered (see MS08-067 for detailed instructions).
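The interim workaround above, as an added example script (not part of the
original advisory). It reports the state of the two services and of any
TCP 139/445 listeners, and applies the workaround only when run with -Apply.
Assumptions: LanmanServer and Browser are the service names behind the
"Server" and "Computer Browser" display names, the prompt is elevated, and
netstat output is in English.

```powershell
# Added example: audit, and optionally apply, the advisory's interim workaround.
# Assumed service names: LanmanServer = "Server", Browser = "Computer Browser".
param([switch]$Apply)

$services = 'LanmanServer', 'Browser'

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output ("{0} : not installed" -f $name)
        continue
    }
    Write-Output ("{0} ({1}) : {2}" -f $svc.Name, $svc.DisplayName, $svc.Status)

    if ($Apply) {
        # Disable first so the service cannot be started again on demand,
        # then stop it. -Force also stops services that depend on it.
        Set-Service -Name $name -StartupType Disabled
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $name -Force
        }
        $now = (Get-Service -Name $name).Status
        Write-Output ("{0} : now {1}, startup type Disabled" -f $name, $now)
    }
}

# Report anything still listening on the ports the advisory says to block.
# A remaining listener means the port still needs a firewall rule.
$pattern = '^\s*TCP\s+\S+:(139|445)\s+\S+\s+LISTENING'
$listening = netstat -an | Select-String -Pattern $pattern
if ($listening) {
    Write-Output 'Still listening on TCP 139/445:'
    $listening | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Output 'No listeners on TCP 139/445.'
}
```

Disabling the Server service stops file and print sharing from that host, so
run the script without -Apply first to see what would be affected.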
==FURTHER INFORMATION AND RESOURCES==
Secunia Advisory SA32326
==STEAM-CIRT CONTACT INFORMATION==
For questions concerning this advisory, please send email to:
itap-securityhelp at purdue.edu.
Report computer-related abuse to steam-cirt:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----