Results 1 to 10 of 10

Thread: Oct 23, 2008: Microsoft rushes out critical Windows patch

  1. #1
    avon Guest

    Default Oct 23, 2008: Microsoft rushes out critical Windows patch

    Microsoft rushes out critical Windows patch
    Emergency patch released ahead of schedule
    Microsoft is set to rush out an emergency security patch for Windows users today.
    Microsoft has offered few details on why it is releasing the software update, which is rated
    'critical' for users of Windows 2000, Windows XP and Windows Server 2003.Many security experts are concerned, however, because a critical flaw can be exploited by online attackers to seize
    control of the PC.The update will be released at 10am US Pacific Time (6pm tonight for UK users), according to
    Microsoft spokesman Christopher Budd, in a blog posting published late last night.
    The flaw is considered to be a less serious risk for users of the Windows Vista and Server 2008
    operating systems, Microsoft said in an advisory on the issue....http://www.pcadvisor.co.uk/securitya...=106029&sa
    -------------
    Microsoft Security Bulletin Advance Notification for October 2008
    Published: October 22, 2008
    http://www.microsoft.com/technet/sec.../MS08-oct.mspx

  2. #2
    naivemelody Guest

    Default Re: Oct 23, 2008: Microsoft rushes out critical Windows patch/ KB958644 /MS08-067

    This is a legit out-of-cycle MS Security update as avon has mentioned. (nice going) KB958644<hr>Excerpts from - WindowsSecrets - Rare out-of-cycle patch emphasizes the risk MS08-067 (958644) &quot;With little warning, Microsoft released yesterday an unscheduled or &quot;out-of-cycle&quot; patch for a highly critical vulnerability that affects all versions of Windows. Security bulletin MS08-067 (patch 958644) was posted to warn of a remote-code attack that could spread wildly across the Internet.

    Microsoft says it found evidence two weeks ago of an RPC (remote procedure call) attack that can potentially infect Windows machines across the Net with no user action required.

    Windows Server 2003, 2000, and XP (even with Service Pack 2 or 3 installed) are particularly vulnerable. Vista and Server 2008 gain some protection via User Account Control, data-execution protection, and other safeguards, as explained in an article by Dan Goodin in the Register.

    While firewalls are a first line of defense against this attack, don't think you're secure just because you have a firewall. Malware and viruses use many different techniques to wiggle their way into our systems.

    For example, my office's networks are protected by firewalls on the outside, but inside the network, PCs have file and printer sharing enabled. If a worm got loose inside the office network (and the patch hadn't been installed), the attack would spread like wildfire.

    Many antivirus vendors have already issued definition updates that protect against this attack. Your antivirus program, however, may not protect you completely even if your AV definitions are up-to-date. Early reports indicate that there are already nine different strains of viruses trying to take advantage of this vulnerability. We can expect more to come, so even the best AV application may not be able to update fast enough&quot;...continues
    <hr>Microsoft update &gt; http://support.microsoft.com/default...EN-US;KB958644<hr>Update: Microsoft Preps Emergency Windows Patch - PCMag.com&gt; http://www.pcmag.com/article2/0,2817,2333177,00.asp<hr>Attack Code for Critical Microsoft Bug Surfaces - PCWorld.com&gt; http://www.pcworld.com/businesscente..._surfaces.html<hr>Time to patch Windows again, ASAP - news.cnet.com&gt; http://news.cnet.com/8301-13554_3-10...CmoreStories.0<hr>New Worm Feeds on Latest Microsoft Bug - PCWorld.com - &gt;&gt; http://www.pcworld.com/businesscente...osoft_bug.html
    - excerpts...

    &quot;One day after Microsoft
    issued a rare emergency Windows security patch, the bad guys have a few new ways to take advantage of the bug.

    By Friday, security researchers had identified a new worm, called Gimmiv, which exploited the vulnerability, and a hacker had posted an early sample of code that could be used to exploit the flaw on the Web...<hr><hr>If your anti-virus is 'on it's toes' you could be receiving a new separate anti-virus update just specifically for this 'exploit'. I had already installed my regular update for the day, when now - a few hours later - received a new quick small av update (
    I presume is for the MS exploit in question) {zero-day exploit - my av is doing it's job}. You may get the specific exploit def. with your next scheduled av update or get an immediate update, nice. Thanks avon for your info. very telling.










    Message Edited by NaiveMelody on 10-25-2008 02:36 PM

  3. #3
    avon Guest

    Default Re: Oct 23, 2008: Microsoft rushes out critical Windows patch

    More info:Exploit comes just hours after details of flaw revealed by Microsoft - computerworld.com
    http://www.computerworld.com/action/...;intsrc=kc_top
    -------------
    &lt;&lt;The patch MS08-067 fixes a remote procedure call (RPC) issue that would, if successfully exploited, enable an attacker to remotely execute applications on a computer running all currently supported versions of Windows.
    This is exactly the type of vulnerability Blaster and Sasser used to infect millions of computers back in 2003 and 2004.The reason for the out-of-band patch is that there is already malware actively using the vulnerability to infect computers, which we detect as Trojan-Spy:W32/Gimmiv.A.
    This trojan steals confidential information from the computer and sends it back to the attacker.The situation is not as dire as in earlier years, as Windows XP SP2 and newer have a firewall in place by default.
    If you have file or printer sharing enabled however, your computer may be affected.
    We recommend that everyone apply the update as soon as possible.&gt;&gt;http://www.f-secure.com/weblog/archives/00001519.html






    Message Edited by avon on 10-24-2008 07:30 AM

    Message Edited by avon on 10-24-2008 07:43 AM

  4. #4
    raideron Guest

    Default Re: Oct 23, 2008: Microsoft rushes out critical Windows patch/ KB958644 /MS08-067

    I updated my vista on that day
    all said successful and I rebooted and all seemedfine running with no problems.. But the very next day I had another update...I tried to find info(notice of it)
    on the second day update but I could not, I ran theupdate...
    all is still running great with no problems and still the fastest I have...
    Has anyone else have a &quot;two&quot; day update of windows??
    ThanksRon


    Message Edited by Raideron on 10-31-2008 06:54 AM

  5. #5
    naivemelody Guest

    Default raideron, check your review your update history...

    and give us the kb 'number' of the second update; we can't talk about something without the 'specifics.' Open your microsoft update page and find the 'review your update history.' ...

  6. #6
    raideron Guest

    Default Re: raideron, check your review your update history...

    Hi Melody,
    Ahh.. I got my dates mixed up, The first was on the 24th... KB958644, then on the 28th..KB953155 &amp; KB957200..

    All Vista updates..
    Not a big deal and I have seen this happen a few times in the pass on vista updates,but most the non-Tuesday updates was other things and Windows Defender which Inow have disabbled. And most the time when you get off Tues. Vista type updates youread about it else where...
    Thanks

  7. #7
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Oct 23, 2008: Microsoft rushes out critical Windows patch/ KB958644 /MS08-067


    <BLOCKQUOTE><HR>Raideron wrote:
    I updated my vista on that dayall said successful and I rebooted and all seemedfine running with no problems.. But the very next day I had another update...I tried to find info(notice of it)on the second day update but I could not, I ran theupdate...all is still running great with no problems and still the fastest I have...Has anyone else have a "two" day update of windows??ThanksRon

    Message Edited by Raideron on 10-31-2008 06:54 AM
    <HR></BLOCKQUOTE>Thias last couple of weeks MicroSoft has been playing Catch up, or Fix the Ooops.. with a few Midweek Updates, for both Vista and XP..
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  8. #8
    raideron Guest

    Default Re: Oct 23, 2008: Microsoft rushes out critical Windows patch/ KB958644 /MS08-067

    Thanks GeorgeV

  9. #9
    naivemelody Guest

    Default Re: raideron, Vista gets two expected patches from MS -Oct.28

    Well Raideron, you got some out-of-cycle updates, but still legit...<hr>Excerpts from WindowsSecrets.com...
    &quot;Vista gets two expected patches from MS
    Vista machines were offered two new, out-of-cycle patches beginning on Oct. 28, two weeks after this month's Patch Tuesday.

    One of the patches was MS08-062 (953155). This upgrade is for the Windows Internet Printing Service and only affects you if you're using Vista as a Web server. Microsoft stated on Oct. 14 that this fix was being offered for Windows Server as part of its regular Patch Tuesday release, but that a version for Vista would be coming out later.

    Vista is also now receiving its monthly dose of compatibility upgrades in patch 957200. However, at this writing, the Microsoft Knowledge Base article that would ordinarily detail what's in the patch is missing in action.

    If you'd like to read up before deploying the patch, as I plan to do, feel free to look for KB article 957200 in the next few days. (It'll probably be posted on this page at Microsoft.com.) I don't believe you need to install this patch until Microsoft explains what it does.&quot;<hr><hr>Additional
    side notes: (provided by avon)...Click here &gt; http://forums.zonelabs.org/zonelabs/...ssage.id=19407
    { I was wondering why I'm seeing more 'activity with my ms update program/ wuauclt.exe.' }
    &quot;Over the next couple of months, we'll be rolling out another infrastructure update to the
    Windows Update agent (client code),&quot;...

  10. #10
    raideron Guest

    Default Re: raideron, Vista gets two expected patches from MS -Oct.28

    :-)
    Thanks Melody...... HAGD!!!




Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •