MS08-067 out-of-band MS Security update (netapi32.dll)

MS has an out-of-band release to protect against a vulnerability in netapi32.dll. This vulnerability could be exploited for an RPC/DCOM worm similar in nature to Blaster. With the release of the patch you can expect the Black Hat community to have some nasty fiends available for us during the next week.

Bulletin KB number Description Severity Impact Software
MS08-067 958644 Vulnerability in Server Service Could Allow Remote Code Execution Remote Code Execution Critical Microsoft Windows

What does it affect?
This vulnerability is potentially wormable on Windows XP and older systems;

This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. [1]

Unfortunately, either one of the following two conditions exposes the RPC endpoint:
1) Firewall is disabled
2) Firewall is enabled but file/printer sharing is also enabled.

Microsoft Malware Protection Center have released updated signatures that can enable Microsoft Forefront and Microsoft OneCare to protect against current attempts to exploit the vulnerability (Exploit:Win32/MS08067.gen!A). [1]

If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability. [2]

Patch now, avoid another Blaster.

[1] MS08-067 Released (2008-Oct-23) [MS-MSRC]
[2] More detail about MS08-067, the out-of-band netapi32.dll security update (2008-Oct-23) [MS-]
[3] Microsoft Security Bulletin MS08-067 – Critical (2008-Oct-23) [MS]
[4] * Microsoft out-of-band patch – Severity Critical (2008-Oct-23) [SANS]

This entry was posted in microsoft, patch, Patch_Tuesday, security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.