JPCERT-AT-2008-0018
JPCERT/CC
2008-10-24
<<< JPCERT/CC Alert 2008-10-24 >>>
Vulnerability in Microsoft Server Service
http://www.jpcert.or.jp/at/2008/at080018.txt
I. Overview
Microsoft has released an urgent advisory regarding a Server
service vulnerability, containing one security update with severity
rating "Critical". A remote attacker could use this vulnerability to
execute arbitrary code.
According to Microsoft, some targeted attacks exploiting this
vulnerability have already been found. Prompt action is recommended
since this vulnerability could also be exploited by worms that spread
automatically.
For further information about the vulnerability, refer to the
following URL.
Microsoft Security Bulletin MS08-067 - Critical
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
II. Solution
Use means such as Microsoft Update or Windows Update to apply the
security update immediately.
Microsoft Update
https://www.update.microsoft.com/
Windows Update
https://windowsupdate.microsoft.com/
III. References
Japan Security Team
Security release on October 24, 2008 (extra)
http://blogs.technet.com/jpsecurity/archive/2008/10/24/3141026.aspx
Technical Cyber Security Alert TA08-297A
Microsoft Windows Server Service RPC Vulnerability
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
US-CERT Vulnerability Note VU#827267
Microsoft Server Service RPC stack buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/827267
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top