[Sysops-list] Reminder: time to patch windows/servers
Bipin Gautam
bipin.gautam at gmail.com
Sat Oct 25 12:30:03 EDT 2008
A 0-day worm is out in wild and exploiting. In a few days, more worms
and hack-tools will be updated to exploit the same.
Microsoft has released a out-of-the cycle update (MS08-06) to address
this remote code execution vulnerability.
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
Recommended workarounds:
-Disable the Server and Computer Browser services
-Block TCP ports 139 and 445 at the firewall
As reported in Tuesday's advance notification all major Windows
versions are affected, the bulletin rates Vista update as Important.
In 2006, worm authors were quick to adopt the remotely executed
exploit in just 4 day following a security update released as part of
the regular Patch Tuesdays - IRC-Mocbot, W32/Sdbot, W32/Spybot,
W32/Opanki, et ceteras.
Now in 2008, we are faced with malware authors, motivated by profits,
more organized, and are more likely to target zero-day
vulnerabilities, as we have reported on several critical incidents we
have discovered since 2006. Like déjà vu, Microsoft released an
out-of-cycle security update today to address in-the-wild attacks
against a new MS08-067 vulnerability targeting the same Windows Server
Service.
___________________________________________
http://groups.google.com/group/Intelligence-Studies
************************************************************
More information about the Sysops-list
mailing list