FNAL Critical Vulnerability Platform: Microsoft Windows 2000, Windows XP, Windows Server 2003 Product: MS08-067 Microsoft Server Service (958644) Exploitation: Unauthenticated user may launch arbitrary code from remote Patch URL: FNAL SMS, FNAL WSUS, http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx Patch By: Monday, October 27, 2008 A vulnerability has been discovered in the Microsoft Server Service (service that manages RPC connections such as file shares and printer sharing, among other tasks) allowing an attacker to send a malformed request and execute arbitrary code. While there are reports of active exploits in the wild, a public release exploit is probably not far off. While FNAL does have various levels on mitigations in place from an outside attack, vulnerability avenues do exist. All affected Windows systems must be patched by Wednesday, October 29, 2008. note that if exploits become more public or more widespread, this date will be moved up as required. Microsoft reference URL: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx |
For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified by JK on Oct 23, 2008. (Address comments about page to the Computer Security Team.) |