Microsoft Announces Security Bulletin

Tags:  security  Windows  Microsoft  THUS 

  • By theWHIR.com , October 24, 2008

  •   Digg
      Delicious
    submit to reddit  Reddit
      Newsvine
      Stumbleupon
      Twitter
    Facebook

    (close)

    From:
    To:
    Share | Send | Print | Comments (0)

Verio Attracts Resellers with Free Month of VPS Hosting: Companies looking to boost revenues are finding Verio's Free VPS promotion the right fit for getting started as Hosting Reseller.

By David Hamilton, theWHIR.com

October 24, 2008 -- (WEB HOST INDUSTRY REVIEW) -- Microsoft (www.microsoft.com) has issued an urgent security alert affecting all users of currently supported versions of Windows because of a vulnerability in its server service that could "allow remote code execution," meaning a hacker could hijack a system and use it to craft a wormable exploit.

Breaking Microsoft's usual monthly security bulletin release cycle, this Thursday announcement describes a privately reported vulnerability whereby a malicious user could allow a specially crafted remote procedure call request to affect a vulnerable system. Microsoft's security update addresses the vulnerability by correcting the way it handles RPC requests. The company also advises users to also configure their firewall to protect their network from outside attacks. The company has released more specific information on its website.

This security update is rated "critical" for supported Windows 2000, Windows XP, Windows Server 2003, and "important" for Windows Vista and Windows Server 2008.

Enterprise Strategy Group senior analyst Jon Oltsik in the Cnet blog post wrote that this flaw is definitely bigger than the ones that could wait for Patch Tuesday.

"After speaking with Microsoft earlier today," Oltsik wrote, "I strongly suggest that users understand the importance of this update and begin emergency patching procedures immediately. While exploits around this Windows vulnerability have been limited thus far, Microsoft concedes that it could be exploited by old-school Internet-based worms a la 2004 and do massive amounts of damage."

Microsoft has also announced a webcast to address customer questions on the bulletin.

OLDER:  MobiSiteGalore Gets Innovation Nod | NEWER:  R1Soft Launches CDP 2.0

Comment anonymously or log into your WHIR account

Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.

User:

Pass:

(reset password)

Don't have an account yet? Register now!


 

Related Content

Most Popular