[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Time to patch Windows boxes with MS08-067

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Time to patch Windows boxes with MS08-067
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Fri, 24 Oct 2008 00:12:21 +0300 (EEST)

The out-of-the cycle update from Microsoft is MS08-067 - Vulnerability in 
Server Service Could Allow Remote Code Execution:

http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx

Recommended workarounds:
-Disable the Server and Computer Browser services
-Block TCP ports 139 and 445 at the firewall

As reported in Tuesday's advance notification all major Windows versions are 
affected, the bulletin rates Vista update as Important.

Microsoft has updated their AV products to protect against this RPC issue too.

Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Time to patch Windows boxes with MS08-067
  - From: James Matthews

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution
Next by Date: [Full-disclosure] [USN-658-1] Moodle vulnerability
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1659-1] New libspf2 packages fix potential remote code execution
Next by thread: Re: [Full-disclosure] Time to patch Windows boxes with MS08-067
Index(es):
- Date
- Thread