Joel Shore's Blog
by Joel Shore
Channel

Microsoft releases a patch and it’s not Tuesday? Take heed.

1 comment | 17I like it!
Tags: critical, Microsoft, patches, security, updates
More »
Recent Posts
October 28, 2008, 10:11 AM — 

By now, we’ve been trained to know that the first Tuesday of every month is the debut of a new crop of patches from the folks in Redmond. But when a patch is released and it’s not a Tuesday, that’s a pretty good clue that the potential for very bad things is, well, very real.

Late last week, Today Microsoft released an emergency patch rated as critical for users of Windows 2000, Windows XP, and Windows Server 2003. This is the first out-of-cycle patch since April 2007, when the company released a patch for a flaw that already was being actively exploited.

“This flaw definitely has potential to be used as a propagation vector for a worm and affects everything from Windows 2000 to Windows 7 pre-beta,” said – not someone from Microsoft, but Ben Greenbaum, senior research manager at Symantec Security Response. “The good news is that Vista and later operating systems will be more difficult if not impossible to exploit automatically, and that most systems will not have the affected ports exposed to the Internet.”

That’s good to know, but with zillions of users downgrading their Vista machines to run good old XP, the problem is not going away with the passage of time.

According to Greenbaum, all it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers.

Check out the bulletin for this new threat, Vulnerability in Server Service Could Allow Remote Code Execution.

And remember to read the details about all of the October updates.

I like it!
Comments
1 comment Add a comment

Caught my attention also...

Yes, this mid-cycle patch caught my attention too.
Kind of like when the Fed adjusts interest rates in between FOMC meetings.
by ComputerConsult... on 10/28/08 at 12:55 pm | reply
View all comments »
Free books

Build your tech library with our book giveaways.

Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne

The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
Marketplace