MS08-066 posts - Security

October 23, 2008 10:56 AM PDT

On Thursday, Microsoft issued a rare out-of-cycle patch for a vulnerability in the Windows Server service that handles remote procedure calls (RPC) that allows programmers to run code either locally or remotely. In issuing MS08-067, Microsoft warns "it is possible that this vulnerability could be used in the crafting of a wormable exploit." Entitled "Vulnerability in Server Service Could Allow Remote Code Execution (958644)" the specific vulnerability has been assigned a National Vulnerability Database designation of CVE-2008-4250.

Microsoft rates this patch as critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, and important for Windows Vista and Windows Server 2008. It also affects versions of Windows 7 pre-beta in limited release. The patch replaces MS06-040.

Microsoft normally issues patches on the second Tuesday of each month, which has been deemed Patch Tuesday. But out-of-cycle patches are not without precedent. Recent examples include the Windows Animated Cursor Remote Code Execution Vulnerability (April 2007), a vulnerability in Vector Markup Language (September 2006), and a vulnerability in the Graphics Rendering Engine (January 2006).

Microsoft said there have been only limited and targeted attacks to date.

The company did say that a firewall should block network resources from attacks from outside the enterprise perimeter.

The patch is available via Microsoft Update or the individual bulletin for MS08-067.

Topics:: Vulnerabilities and attacks,; News

Tags:: security,; Microsoft,; Patch Tuesday,; MS08-066

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed

Inside CNET News

Scroll Left Scroll Right

Software, Interrupted
Open-source acquisitions: What's the holdup?
Acquisitions of open-source companies have garnered huge multiples but haven't rounded out many product portfolios. Exit plans are hazy for most open-source start-ups.
Gallery
Intel touts 3D, apps for Netbooks at CES (photos)
Technically Incorrect
Woman arrested after visiting with WoW teen
Canadian boy leaves home to see 42-year-old woman whom he met on World of Warcraft. No Canadian laws were broken, but she's arrested back home in Texas.
2010 CES
Ray Kurzweil tries to build a better e-reader
The computing pioneer is at CES showing off his Blio software that combines digital books with video, audio and Web content.
Video
Highlights from the Microsoft keynote
Media Maverick
Sarkozy's 'New Year's wish': Investigate Google
Not long after a list of pro-copyright proposals stirred controversy, France's president says he supports an investigation of Google as well as a tax on search engines.
Video
Floor-cleaning robot gets those tight spots
The Social
Pingdom: Facebook is killing it on page views
A report from the traffic firm suggests that the social network has 11 times as many page views as its closest competitor, MySpace.
Cutting Edge
Starry, starry 'first light' from NASA's WISE mission
The new Wide-field Infrared Survey Explorer kicks off its mission to scan and capture a view of the entire sky with a look at the constellation Carina.
Gallery
NASA trains WISE eye on the sky (photos)
Health Tech
Philips' DirectLife makes having fun a workout
DirectLife ups the ante for personal-fitness gadgetry with an activity tracker, motivator, and data organizer that encourages setting and meeting realistic goals.
2010 CES
Control4 readies networked home energy system
Control4's home energy management system uses a home wireless network and tough-screen display to monitor electricity and let consumers participate in energy efficiency programs.