• On GameFAQs: The top 10 fighting games of all time
October 23, 2008 10:56 AM PDT

Microsoft patches potential 'worm hole'

by Robert Vamosi
  • Font size
  • Print
  • Post a comment

On Thursday, Microsoft issued a rare out-of-cycle patch for a vulnerability in the Windows Server service that handles remote procedure calls (RPC) that allows programmers to run code either locally or remotely. In issuing MS08-067, Microsoft warns "it is possible that this vulnerability could be used in the crafting of a wormable exploit." Entitled "Vulnerability in Server Service Could Allow Remote Code Execution (958644)" the specific vulnerability has been assigned a National Vulnerability Database designation of CVE-2008-4250.

Microsoft rates this patch as critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, and important for Windows Vista and Windows Server 2008. It also affects versions of Windows 7 pre-beta in limited release. The patch replaces MS06-040.

Microsoft normally issues patches on the second Tuesday of each month, which has been deemed Patch Tuesday. But out-of-cycle patches are not without precedent. Recent examples include the Windows Animated Cursor Remote Code Execution Vulnerability (April 2007), a vulnerability in Vector Markup Language (September 2006), and a vulnerability in the Graphics Rendering Engine (January 2006).

Microsoft said there have been only limited and targeted attacks to date.

The company did say that a firewall should block network resources from attacks from outside the enterprise perimeter.

The patch is available via Microsoft Update or the individual bulletin for MS08-067.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

News,

Vulnerabilities & attacks

Tags:

security,

Microsoft,

Patch Tuesday,

MS08-066

Share:
Digg
Del.icio.us
Reddit
advertisement
Click Here
Recent posts from Security
Microsoft actively urges IE 6 users to upgrade
Microsoft investigating 'black screen of death'
Pub fined $13k for Wi-Fi copyright infringement
Tips for safe online shopping
Big changes in Security Starter Kit 2010
Confidential 9/11 pager messages disclosed
Microsoft warns of IE exploit code in the wild
Chrome OS security: 'Sandboxing' and auto updates
Related
Microsoft warns of IE exploit code in the wild
Microsoft patches critical hole in Windows kernel
Microsoft probing Windows 7 zero-day hole
Microsoft patching zero-day Windows 7 SMB hole
Microsoft to fix holes in Windows, Office
Phishing, worms spike this year, say Microsoft and McAfee
CNET News Daily Podcast: Murdoch enlisting Microsoft to shun Google
Another iPhone worm, but this one is serious
advertisement
Click Here

S.F. hacker space: Heaven for the DIY set?

The Noisebridge hacker space offers sewing and Mandarin classes, soldering workshops, Internet-controlled front door access, and a server room with no door.
• Photos: Circuits, code, community

The browser battles go on and on

roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET