MS to release EMERGENCY patch for Windows today

[Sava700]

Normally I wouldn't post about this..but its very important from what I've researched on so make sure to run windows updates today!!

BE AWARE: Microsoft will release an emergency security patch today!!

[INDENT]Thursday October 23rd, 17:00 GMT (That is 19:00 for GMT+1+summertime)

All Microsoft said is that the vulnerability can be remotely exploited by malware.

Microsoft advices every Windows user / administrator to update their machines

Every currently supported Windows version is affected, so:

Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows 2008, 2008 Core.

I'm not sure if all editions are affected, but it does look like it, so also Windows Embedded? Windows CE ? 2008 Core installation? Hyper-V Server?

To my knowlegde this is only the second time that Microsoft has released an out of band security patch.[/INDENT]

source

[RoscoPColtrane]

Thanks for the heads up!

I bet some people at work are going to be running around like chickens with their heads chopped off.

[mountainman]

Thanks, Sava.

[ARS]

thanks...

a great read when I get off work.

Thanks again!

[Sava700]

Checked and the update is showing up.. so go get it!

[CableDude]

Checked and the update is showing up.. so go get it!

I'll wait to next week.

[Roody]

Thanks for the heads up. I just downloaded and rebooted my pc a moment ago.

[A_old]

wow. It must be a bad one.

[Sava700]

I'll wait to next week.

your computer may blow up before then!! But I don't think it effects win 98 so don't worry about it.

[CableDude]

your computer may blow up before then!! But I don't think it effects win 98 so don't worry about it.

[RoundEye]

I just recieved this email,

Dear Microsoft Partner,

Because you are a member of the Microsoft Partner Program, ensuring you have the information you need about critical security issues is of the utmost importance to us. As you know, we typically release security bulletins once monthly. This alert is to provide you with an overview of the new security bulletin released (out of band) on Thursday, October 23, 2008. Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644), to address a vulnerability in all currently supported versions of Windows. This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers.

We request that you take action immediately by first assessing and preparing your own systems and networks and applying the security update. Then reach out to your customers to assist them in securing their systems and networks by applying the update. The full bulletin for MS08-067 is available at http://www.microsoft.com/technet/securi ... 8-067.mspx

Sincerely,

The Microsoft U.S. Partner Program Team

Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests.

[TNATireFryer]

i tried yesturday - i tried this morning several times -
auto updates are turned on- yes history of updates says last update was a month ago or so -
anyone possibly know why or have a reason why i cant get the new update?
ill keep trying - it keeps telling me no high priority updates .........

[CableDude]

I did 19 machines today.... 100 more to go.

[Cypher]

It's matters like this that made me stop using Windows long ago. I've been MS free for over a year now and loving it.
Unfortunately when *nix sucks, it REALLY sucks bad and requires much nerd-fu to rectify.

Still thanks for the heads up. I'll update my Son's game drive. (Another *nix weakness )

[Blisster]

I spent all day friday patching Windows servers. My WSUS server went belly-up

[YeOldeStonecat]

I did 19 machines today.... 100 more to go.

Kidding?

[Humboldt]

damn windows update error

[Shinobi]

Update: New Worm Exploits Microsoft Bug
http://www.efluxmedia.com/news_Update_N ... 27467.html

Only two days after Microsoft released the patch, security researchers identified a new worm named Gimmiv, which exploited the vulnerability in the RPC service.

Well that didn't take long..

[CableDude]

Kidding?

No joke. My last count this summer was around 140 machines that I alone am responsible for.

It's getting old.

[YeOldeStonecat]

Have you installed...ya know...that "W" thingy yet?

[CableDude]

Have you installed...ya know...that "W" thingy yet?

[YeOldeStonecat]

I'll take that as a ... negative...

[CableDude]

I'll take that as a ... negative...

Yes, Ghost rider.