• AnyStream is having some DRM issues currently, Netflix is not available in HD for the time being.
    Situations like this will always happen with AnyStream: streaming providers are continuously improving their countermeasures while we try to catch up, it's an ongoing cat-and-mouse game. Please be patient and don't flood our support or forum with requests, we are working on it 24/7 to get it resolved. Thank you.

Microsoft releases critical out-of-cycle patch

Status
Not open for further replies.
DrinkLyeAndDie

DrinkLyeAndDie

Retired Moderator
Thread Starter
Joined
Jan 28, 2007
Messages
11,823
Likes
471
The patch is currently available via Windows Update.

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)

<snip>

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Click to expand...
 
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008

Version: 1.0
General Information
Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update immediately.

Known Issues. None
 
Last edited:
I do no MS updates except service packs. Most updates are of no use to the everyday user. They just add more bloat to your system.
 
oldjoe said:
I do no MS updates except service packs. Most updates are of no use to the everyday user. They just add more bloat to your system.
Click to expand...

As I said before, people are free to do as they wish but I consider it unsound to not install important/critical security updates that are potentially exploitable.

Not updating makes a system a potential zombie and the source attacks via a botnet or possible identity theft among other things. Part of proper security practices along with proper use of an antivirus and firewall is keeping your OS secured via updates which I consider common sense. Not everyone uses antivirus, a firewall, or has common sense. Some have a some but not the other.

You are perfectly free to do what you feel is right for you but I wouldn't recommend your philosophy.

Anyway, my purpose of the thread was to notify Windows users. As the update has now been out for days and most people should already be aware of it via Windows Update or some other notification the thread isn't really necessary anymore. My goal wasn't to discuss the validity of security updates or how and when they should be applied. I was merely letting people know about the update.

I'm closing the thread now and it can fall by the wayside.
 
Last edited:
Status
Not open for further replies.
Back
Top