Microsoft to issue Critical update *TODAY* (apparently) ...

Started by DAB Badboy, Oct 23, 2008, 07:08:34

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.


kinmel

Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Inactive

The usual nice clear written English from Microsoft..  ;D

:thnks:
Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Rik

They certainly made it easy to comprehend, didn't they, In.  :stars:

Thanks, DAB,  :thumb: :karmic:
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby


somanyholes

taken from the windows secrets newsletter.

QuoteMicrosoft posts emergency defense for new attack

Susan Bradley    By Susan Bradley

A remote-code exploit that could spread rapidly like the 2003 MSBlaster worm is putting all versions of Windows at risk.

I recommend that you immediately install a patch that Microsoft has just issued to protect your system from a vulnerability in the Server service.

MS08-067 (958644)
Rare out-of-cycle patch emphasizes the risk

With little warning, Microsoft released yesterday an unscheduled or "out-of-cycle" patch for a highly critical vulnerability that affects all versions of Windows. Security bulletin MS08-067 (patch 958644) was posted to warn of a remote-code attack that could spread wildly across the Internet.

Microsoft says it found evidence two weeks ago of an RPC (remote procedure call) attack that can potentially infect Windows machines across the Net with no user action required.

Windows Server 2003, 2000, and XP (even with Service Pack 2 or 3 installed) are particularly vulnerable. Vista and Server 2008 gain some protection via User Account Control, data-execution protection, and other safeguards, as explained in an article by Dan Goodin in the Register.

While firewalls are a first line of defense against this attack, don't think you're secure just because you have a firewall. Malware and viruses use many different techniques to wiggle their way into our systems.

For example, my office's networks are protected by firewalls on the outside, but inside the network, PCs have file and printer sharing enabled. If a worm got loose inside the office network (and the patch hadn't been installed), the attack would spread like wildfire.

Many antivirus vendors have already issued definition updates that protect against this attack. Your antivirus program, however, may not protect you completely even if your AV definitions are up-to-date. Early reports indicate that there are already nine different strains of viruses trying to take advantage of this vulnerability. We can expect more to come, so even the best AV application may not be able to update fast enough.

I've tested this patch and have had no problems applying it. I strongly urge you to download and install this patch manually. Restart your PC before installing any patch to verify that your machine is bootable. Then be sure to reboot again after installing the patch, so the patched binaries completely replace the vulnerable components.

Microsoft has posted several versions of the patch that apply to different operating systems:

• Windows 2000 with Service Pack 4 patch download
• Windows XP with Service Pack 2 or 3 patch download
• Windows XP 64-bit Edition patch download
• Windows Server 2003 with Service Pack 1 or 2 patch download
• Windows Server 2003 64-bit Edition patch download
• Windows Vista with or without Service Pack 1 patch download
• Windows Vista 64-bit Edition with or without Service Pack 1 patch download
• Windows Server 2008 32-bit Edition patch download
• Windows Server 2008 64-bit Edition patch download

More information: Please read security bulletin MS08-067. For an excellent technical explanation of the vulnerability and possible mitigations, read TechNet's Oct. 23 description. (TechNet incorrectly refers to MS08-067 as "out-of-band," but the patch is simply out-of-cycle, because it wasn't released on Microsoft's usual Patch Tuesday monthly cycle.)
    

Sebby

It must be serious if they didn't wait until patch Tuesday. That's really not like them. :o

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Inactive

Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Rik

All done here - I wonder if IDNet notice a surge on patch Tuesday/Wednesday each month?
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Inactive

Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby



ducky22

This one was a nightmare for me...

12 servers all had to be logged into, open windows update and rebooted (one at a time...).

Definitely a further excuse to find some time to upgrade to Server 2008 which wasn't marked as 'critical' for this flaw.

Den

Mr Music Man.

zappaDPJ

I got this update as well.

One of the complaints about Vista is the UAC nag screen... 'are you really, really sure you want to do this because we don't think you should blah, blah, blah' Yes! It's my PC and yes I really, really do want to do this, that's why I double clicked the shortcut.

So the update comes down the wire while I'm making a coffee and as I sit back down to my PC it spontaneously reboots taking with it 20 minutes of unsaved work. I know it was the update because it told me with great pride upon reentering the desktop that the update was successful.

But did it ask me if I wanted to save my work? Did it ask me it was ok to reboot? Did it my ar..

It's actually not my PC at all is it Mr Gates although I must admit the irony of it all did make me laugh  ;D
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

You should switch UAC off. ;)

I agree that the automatic reboot thing is annoying.

Noreen

Quote from: zappaDPJ on Oct 24, 2008, 23:02:32
I got this update as well.

One of the complaints about Vista is the UAC nag screen... 'are you really, really sure you want to do this because we don't think you should blah, blah, blah' Yes! It's my PC and yes I really, really do want to do this, that's why I double clicked the shortcut.

So the update comes down the wire while I'm making a coffee and as I sit back down to my PC it spontaneously reboots taking with it 20 minutes of unsaved work. I know it was the update because it told me with great pride upon reentering the desktop that the update was successful.

But did it ask me if I wanted to save my work? Did it ask me it was ok to reboot? Did it my ar..

It's actually not my PC at all is it Mr Gates although I must admit the irony of it all did make me laugh  ;D
I have my Windows Updates set to inform me when they are available but NOT to install. I then review any available and install and click the restart button when I choose.

Glenn

At work they don't use a Windows update server, so most PC/Laptops are missing updates since they were last built or had problems fixed. Yesterday I pointed out to the patch to the Desktop Admin team, within about 2 hours the patch was deployed to approximately 3000 machines.
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

I hope they're going to adopt a more effective stance in future, Glenn.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

I keep on to them about the updates server every couple of months, the response I get is 'Three wont pay for it'
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby


Glenn

Christmas 2006 I spent 4 days rebuilding 80 - 100 PC's as a worm virus wrecked them. It was brought in by a contractor who against the company policy connected his own laptop to the corporate LAN.
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.