MS08-067 – an out-of-band Windows critical security update

When Microsoft decides to release an out-of-band security update only a week after the regular monthly update, you can be sure that we are dealing with a serious issue.

You can read more about it in Microsoft Security Bulletin MS08-067 and we have also created our own advisory.

The vulnerability can be exploited using an unauthenticated SMB/RPC session. It is a classic buffer overflow vulnerability with the potential to cause serious headaches for system administrators if left unpatched.

It is the first such buffer overflow remote execution vulnerability we have seen in the last few years.

The last time we saw a similar vulnerability, if I remember correctly, was in 2004, with the W32/Sasser worm.

It remains to be seen how interested the virus writers will be in this vulnerability, considering a general trend towards hidden malware that does not replicate. The noise of the network traffic generated by large-scale outbreaks of self-replicating malware may not appeal to modern-day virus writers.

Let us hope that the dark days of Blaster and Sasser history will not be repeated.