|
October 24, 2008
Dear Know Technology Partners:
As a partner of Know Technology, we want to alert you to a security bulletin
that Microsoft released yesterday. This new bulletin is relevant to all
users of Microsoft workstations or servers. Microsoft has
released a patch that is require for all workstations and servers.
It is important to note that application of this patch does require a reboot.
Know Technology - KnowManager (Platinum, Gold and Silver) clients
are automatically having this issue addressed at no additional
cost, as part of their Managed Services plan. We encourage you to
inquire about these services, as they ultimately help our clients
leverage technology, and prevent downtime in the long run.
We are working with all other networking clients
to arrange for this patch to be applied on their respective
networks. This issue has already been addressed on Know Technology's
hosting systems.
Below, are details of this important security patch, as received
from Microsoft.
Regards,
The Know Technology Staff
This alert is to provide you with an overview of the new security bulletin
released (out of band) on Thursday, October 23, 2008. Microsoft has released
security bulletin MS08-067, Vulnerability in Server Service Could Allow
Remote Code Execution (958644), to address a vulnerability in all currently
supported versions of Windows. This security update was released outside
of the usual monthly security bulletin release cycle in an effort to protect
customers. We request that you take action immediately by first assessing
and preparing your own systems and networks and applying the security update,
then reaching out to your customers to assist them in securing their systems
and networks by applying the update.
Details about this security update are below, but here are your key resources:
Summary
This security update resolves a privately reported vulnerability in the Server
service. The vulnerability could allow remote code execution
if an affected system received a specially crafted RPC
request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003
systems, an attacker
could exploit this vulnerability without authentication
to run arbitrary code. It is possible that this vulnerability could be
used in the crafting
of a wormable exploit. Firewall best practices and standard
default firewall configurations can help protect network
resources from attacks that originate
outside the enterprise perimeter. The security update addresses
the vulnerability by correcting the way that the Server
service handles RPC requests.
Recommendations
Microsoft recommends
that partners first assess their own systems and networks
and apply this security update, then reach out and follow up with
their customers to assist them in securing their systems and
networks to help ensure that their computers are protected
from attempted criminal attacks.
New Security Bulletin Technical Details
Identifier
MS08-067
Severity Rating
This security update is rated Critical for all supported editions of Microsoft
Windows 2000, Windows XP, Windows Server 2003, and rated Important for
all supported editions of Windows Vista and Windows Server 2008.
Impact of Vulnerability
Remote Code Execution
Detection
Microsoft Baseline Security Analyzer can detect whether your computer
system requires this update.
Affected Software
All currently supported versions of Windows.
Restart Requirement
The update requires a restart.
Removal Information
- For Windows
2000, Windows XP, Windows Server 2003: Use Add or
Remove Programs tool in Control Panel or the Spuninst.exe utility
- For Windows
Vista and Windows Server 2008: WUSA.exe does not
support uninstall of updates. To uninstall an update installed
by WUSA, click Control Panel, and then click Security. Under Windows
Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update
MS06-040 is superseded on these operating systems: Windows 2000 SP4, Windows
XP SP2, Windows XP X64, Windows Server 2003 SP1, Windows Server
2003 X64, Windows Server 2003 SP1 for Itanium-based Systems.
Full Details
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
Regarding information Consistency
We recommend that Microsoft partners use the Microsoft TechNet Security
TechCenter as a key source of security information:
http://technet.microsoft.com/security, and that you sign up
for comprehensive alerts at http://www.microsoft.com/technet/security/bulletin/notify.mspx.
We strive to provide you with accurate information in static
(this mail) and dynamic (Web-based) content. Microsoft's security content posted
to the Web is occasionally updated to reflect late-breaking information.
If this results in an inconsistency between the information here and the
information in Microsoft's Web-based security content, the information
in Microsoft's Web-based security content is authoritative.
|
