Friday, October 24, 2008

MS08-067

Microsoft released an out-of-cycle patch for a vulnerability in the Microsoft Windows RPC service. XP and 2003 are vulnerable to anonymous attack, while attacks against Vista, 2008 and the pre-beta release of Windows 7 would reportedly require authentication. The bug has to do with how Windows RPC handles specially crafted requests. Attacks are already being detected in the wild, and AV coverage so far is low. Simply being behind a hardware firewall doesn't mitigate the risk, as the vuln is being leveraged in drive-by, client-side browser attacks. Even a personal firewall is not a mitigation if file and print sharing is turned on, as those are the ports (139 and 445) used in the attack. Patching as quickly as possible is your best option. Disabling the Server and Computer Browser services would also help. If you don't share files or printers on a home network, this is a possibility as well.
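One way to check a machine for the exposure described above, as an added example that is not part of the original post: it reports the state of the Server and Computer Browser services and whether TCP 139 and 445 are listening, and with `-Disable` applies the service mitigation. The function name is hypothetical, `LanmanServer` and `Browser` are the standard short names of those two services, and English-language `netstat` output is assumed.

```powershell
# Added example: audit the two services and two ports named in the post.
# Get-SmbExposure is a hypothetical name; run from an elevated prompt.
function Get-SmbExposure {
    param([switch]$Disable)   # also stop and disable the two services

    # Server = LanmanServer, Computer Browser = Browser
    $names = 'LanmanServer', 'Browser'
    $services = Get-WmiObject Win32_Service |
        Where-Object { $names -contains $_.Name }

    foreach ($svc in $services) {
        # Report the state as found, before any change is made
        New-Object PSObject -Property @{
            Item   = "Service: $($svc.DisplayName)"
            State  = $svc.State
            Detail = "StartMode=$($svc.StartMode)"
        }
        if ($Disable) {
            # -Force also stops dependents (Computer Browser depends on Server)
            Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $svc.Name -StartupType Disabled
        }
    }

    # Listening TCP sockets on the ports used in the attack (139 and 445).
    # Assumes English netstat output ("LISTENING").
    $listening = netstat -an | Select-String 'LISTENING'
    foreach ($port in 139, 445) {
        $hits = @($listening |
            Where-Object { $_.Line -match "^\s*TCP\s+\S+:$port\s" })
        $state = 'Closed'
        if ($hits.Count -gt 0) { $state = 'Listening' }
        # Third whitespace-separated field of a netstat line is the local address
        $local = ($hits | ForEach-Object { ($_.Line -split '\s+')[2] }) -join ', '
        New-Object PSObject -Property @{
            Item   = "TCP port $port"
            State  = $state
            Detail = $local
        }
    }
}

Get-SmbExposure | Format-Table Item, State, Detail -AutoSize
```

A machine that still shows either port listening after the services are disabled needs the patch and a reboot before it is rechecked; disabling the services also turns off file and printer sharing on that host.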

More info here:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
http://isc.sans.org/diary.html?storyid=5227
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
http://www.disog.org/
