MS08-067 - an out-of-band Windows critical security update

When Microsoft decides to release an out-of-band security update only a week after the regular monthly update, you can be sure that we are dealing with a serious issue.

You can read more about it in Microsoft Security Bulletin MS08-067 and we have also created our own advisory.

The vulnerability can be exploited using an unauthenticated SMB/RPC session. It is a classic buffer overflow vulnerability with the potential to cause serious headaches for system administrators if left unpatched.

It is the first such buffer overflow remote execution vulnerability we have seen in the last few years.

The last time we saw a similar vulnerability, if I remember correctly, was in 2004, with the W32/Sasser worm.

It remains to be seen how interested the virus writers will be in this vulnerability, considering a general trend towards hidden malware that does not replicate. The noisy network traffic generated by large-scale outbreaks of self-replicating malware may not appeal to modern-day virus writers.

Let us hope that the dark days of Blaster and Sasser history will not be repeated.


About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.