Let the Panic begin?! (or maybe not…) [MS08-067]

Yesterday, Microsoft released an out-of-band patch (in other words, not through
the standard release cycle, which means it’s really important and there is no time
to wait for the next cycle) for all Windows versions. Such a release obviously causes
concern (as does everything that is not routine).

The patch is intended for all Windows versions, and it is supposed to plug a hole in
the Server service (specifically RPC) that might allow an attacker to run arbitrary code
under the system account (it also seems that the vulnerability is wormable).
Enter PANIC!!! (or maybe not)

The first reason to lower the panic level is that when we state that an attacker can
do something, we have to ask ourselves whether the attacker is anonymous or
authenticated (the difference is obvious and major). In this case, older Windows
versions (2000, XP, 2003) are vulnerable to an anonymous attack (thus the patch is critical).
Windows 2008 and Vista are only affected if the attacker is authenticated.

Second, security is a layered art. The vulnerability can only affect systems that do not
have firewalls that protect them. This statement sounds like a double-edged sword:
on one hand, you will obviously not have a firewall block the ports on a system that is
acting as a server (simply sharing a folder/printer); on the other hand, how many
personal computers that do not have some type of firewall protection do you think are
on the Internet today? (A lot, but a lot fewer than in the days of Blaster.)

The third reason to lower the panic level is the fact that you are reading this. If your
level of awareness is high enough to pursue information on the subject, it means that you
are security conscious, that you are protecting your computers and that you will apply
the patch. Security consciousness has grown significantly, which means that systems may
be hit, yet the damage (effect) will be significantly lower.


If you managed to bear with me, it’s time to go and patch:

