Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

ADVANCE NOTIFICATION – October 23, 2008 (Out-of-Band) MSRC Security Bulletin Release

October 22nd 2008 in Uncategorized


Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Thursday, October 23, 2008.

This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk. 

New Bulletin Summary

Bulletin Identifier: Windows Bulletin

Maximum Severity Rating: Critical

Impact of Vulnerability: Remote Code Execution

Detection: Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement: The update requires a restart.

Affected Software: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008

Advance Notification Web Page

The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here:

3 comments to...
“ADVANCE NOTIFICATION – October 23, 2008 (Out-of-Band) MSRC Security Bulletin Release”


Er… in plain language?


What with all the “fake” out of band alerts, seeing a real one is disconcerting.

Why is MS doing it this way? Why not just stick it into Windows Updates like their other Out of Band updates?


:o) There was no “plain language” at the time the article went live. That’s all we had.

I’ve published another alert – the vulnerability affects RPC – I have already patched my systems; I hope you have too.

@Matt, bearing in mind the fact that I’m not Microsoft, we felt that this was important enough to make sure as many people as possible knew about the update, and installed it. The risks are not trivial (although standard firewall settings provide some protection).
