NEWS FROM THE LAB - Friday, October 24, 2008

Out-of-Band Patch from Microsoft Posted by Patrik @ 04:07 GMT

It doesn't happen very often, but when it does, it's for a good reason. Yesterday, Microsoft released an out-of-band patch for a new, critical vulnerability in Windows.

The patch, MS08-067, fixes a remote procedure call (RPC) issue that would, if successfully exploited, enable an attacker to remotely execute applications on a computer running all currently supported versions of Windows.

This is exactly the type of vulnerability Blaster and Sasser used to infect millions of computers back in 2003 and 2004.

The reason for the out-of-band patch is that there is already a trojan actively using the vulnerability to infect computers, which we detect as Trojan-Spy:W32/Gimmiv.A. This trojan steals confidential information from the infected computer and sends it back to the attacker.

The situation is not as dire as in earlier years, as Windows XP SP2 and newer have a firewall in place by default. If you have file or printer sharing enabled however, your computer could be affected.

We recommend that everyone apply the update as soon as possible.