MS Issues Emergency Patch !!!

**Vin DSL** · 10-23-2008, 08:31 PM

A critical flaw has been found that allows remote code execution, through a specifically crafted RPC request against the Server Service (i.e. this is a SMB exploit). MS has issued an "out-of-band" patch to immediately fix this, as all versions of Windows are vulnerable.

Windows 5.xx: Completely Vulnerable/Critical (No authentication required)
Windows 6.xx: Partially Vulnerable/Important (The attacker would need appropriate authentication credentials)

Firewalls can block this, but only if they're configured to block SMB requests. This means that most computers in a LAN are vulnerable to each other, should an exploit be deployed in such a way that it can cross the network's firewall (i.e. delivered via infected laptops or an email-based worm).

This is currently being exploited in the wild

Patch today, before certain doom strikes!

BTW, despite what Microsoft Security Bulletin MS08-067 says, this patch can be Hotpatched...

**the_ancient** · 10-24-2008, 01:52 PM

Windows 5 and 6, Man you should be Using XP or Vista

**Vin DSL** · 10-24-2008, 09:08 PM

Let's see...

I got a Win98SE proxy server, three W2K desktops, a XP and Vista lappy[s].

Got all my bases covered!

**the_ancient** · 10-24-2008, 11:08 PM

Originally Posted by Vin DSL

Let's see...

I got a Win98SE proxy server,

That is sooo last decade

**jason** · 10-24-2008, 11:54 PM

At 3:00 this afternoon they started blocking unpatched computers from the campus network at work--they didn't want this one floating around over the weekend. Anyone with an unpatched computer now gets an IP address in the 10.10.*.* range instead of a public IP when they hit the DHCP servers for a lease renewal and they get blocked from doing anything online except hitting our "why am I seeing this page" site and Windows Update.

--Jason

**Ron** · 10-25-2008, 01:47 PM

Just curious, without me going and studying the vulnerability, how does the DHCP server know the patch hasn't been applied?

**jason** · 10-25-2008, 03:07 PM

The DHCP server doesn't. Our Information Security Office routinely scans computers connected to our network for known vulnerabilities. When it finds one it blacklists it. When the blacklisted computer tries to renew its lease, the DHCP server sees that it is blacklisted and hands out an internal-only IP. Blacklisted computers get rescanned every hour or so, so once the scanner sees the computer is patched it removes the blacklisting and during the next lease renewal (blacklisted IPs have very short leases) the computer gets its old IP back.

--Jason

**Ron** · 10-25-2008, 03:43 PM

Hahaa! Neat!

**Vin DSL** · 10-26-2008, 01:35 AM

Originally Posted by the_ancient

That is sooo last decade

Proxy servers?

**the_ancient** · 10-26-2008, 11:57 AM

Originally Posted by Vin DSL

Proxy servers?

no win98.... you know 2008 - 1998 == 10years or 1 decade

**Vin DSL** · 10-26-2008, 10:04 PM

Originally Posted by the_ancient

no win98.... you know 2008 - 1998 == 10years or 1 decade

I'm also using W2K which is 8 years old, XP which is 7 years old, and Vista which is 3 years old....

And, my production site (JagPC) and private sites (home) are using Linux which is 17 years old.

What's your point, stupid?

n/m

You probably got older pron than my various OSes... and that still gets you off in a Kleenex which is 84 years old!

**the_ancient** · 10-27-2008, 04:11 AM

Originally Posted by Vin DSL

I'm also using W2K which is 8 years old, XP which is 7 years old, and Vista which is 3 years old....

And, my production site (JagPC) and private sites (home) are using Linux which is 17 years old.

What's your point, stupid?

n/m

You probably got older pron than my various OSes... and that still gets you off in a Kleenex which is 84 years old!

Sounds like some one needs to buy himself a hooker