Microsoft has broken its monthly patch cycle to release an urgent update for Windows 2000, XP, 2003, Vista, and 2008 in order to fix a critical security vulnerability which is already being exploited in the wild.
The bulletin, released yesterday, outlines a flaw in the Server service which allows for remote code execution upon receipt of a specially crafted RPC request – which is to say that this vulnerability does not require user interaction to exploit, making it a particularly nasty little bug. While the flaw requires that your firewall rules allow RPC requests in, it's certainly easier to exploit than most modern Windows vulnerabilities – and trivial from within a local network.
Interestingly, the flaw – which dates right back to Windows' roots in the New Technology (NT) era – also affects the latest pre-beta release of Windows 7, the next-generation Microsoft OS. Although the flaw still exists in Windows 7, it's not quite as bad as prior versions – an attacker must already be authenticated against the target system, which is not required for previous versions of Windows. As a result, Microsoft rates the bug as 'Important' rather than 'Critical' for this OS.
For us mere mortals still using Vista or – heaven help us – XP, the flaw is 'Critical' and requires immediate patching to prevent the baddies from wreaking havoc on your nice shiny system. The best way to fix the issue is to download the update via the [eurl=http://update.microsoft.com[/eurl]Microsoft Update[/eurl] site, which will require a reboot. If that's not possible right now, there are some workarounds: disable both the Computer Browser Service and Server services on Windows 2000 or XP, and Vista or Server 2008 users can filter the affected RPC identifier via netsh as shown in the bulletin. Failing all of that, blocking ports 139 and 445 at the firewall will prevent the nasties from getting in, but is likely to break file sharing and network logon functionality.
This latest security flaw in the Windows core code is embarrassing for Microsoft, but potentially even more so for its customers – I can't stress enough how important it is to ensure you are protected against this issue as soon as possible.
Is this latest gaffe the straw that breaks the camel's back and sends you scurrying for an alternative OS, or is it just bad luck that it's taken Microsoft so many years to spot the flaw? Share your thoughts over in the forums.
The bulletin, released yesterday, outlines a flaw in the Server service which allows for remote code execution upon receipt of a specially crafted RPC request – which is to say that this vulnerability does not require user interaction to exploit, making it a particularly nasty little bug. While the flaw requires that your firewall rules allow RPC requests in, it's certainly easier to exploit than most modern Windows vulnerabilities – and trivial from within a local network.
Interestingly, the flaw – which dates right back to Windows' roots in the New Technology (NT) era – also affects the latest pre-beta release of Windows 7, the next-generation Microsoft OS. Although the flaw still exists in Windows 7, it's not quite as bad as prior versions – an attacker must already be authenticated against the target system, which is not required for previous versions of Windows. As a result, Microsoft rates the bug as 'Important' rather than 'Critical' for this OS.
For us mere mortals still using Vista or – heaven help us – XP, the flaw is 'Critical' and requires immediate patching to prevent the baddies from wreaking havoc on your nice shiny system. The best way to fix the issue is to download the update via the [eurl=http://update.microsoft.com[/eurl]Microsoft Update[/eurl] site, which will require a reboot. If that's not possible right now, there are some workarounds: disable both the Computer Browser Service and Server services on Windows 2000 or XP, and Vista or Server 2008 users can filter the affected RPC identifier via netsh as shown in the bulletin. Failing all of that, blocking ports 139 and 445 at the firewall will prevent the nasties from getting in, but is likely to break file sharing and network logon functionality.
This latest security flaw in the Windows core code is embarrassing for Microsoft, but potentially even more so for its customers – I can't stress enough how important it is to ensure you are protected against this issue as soon as possible.
Is this latest gaffe the straw that breaks the camel's back and sends you scurrying for an alternative OS, or is it just bad luck that it's taken Microsoft so many years to spot the flaw? Share your thoughts over in the forums.
RELATED ARTICLES
MSI MPG Velox 100R Chassis Review
October 14 2021 | 15:04
Want to comment? Please log in.