Microsoft issues emergency patch
24 October 2008
by
Gunthy
Filed under
Security + Windows
Yesterday, Microsoft has issued a critical emergency patch for all it’s currently supported platforms. The patch is to plug a security hole that allows unauthorized access to the system.
More in detail, the vulnerability is caused by a hole in the Server Service. Using a custom crafted RPC-call, an attacker could execute code without any authentication. All current supported platforms are affected, but mostly Windows 2000, XP and 2003 are the most vulnerable. For Vista and server 2008 the bug is marked ‘Important’, as on these platforms there is already a double-check through the much debated UAC option.
However it needs to be noted that even without patching, you can successfully protect a computer against the attack by properly using the firewall, or of course turning off the file-sharing option.
The striking fact is that usually Microsoft doesn’t like to deviate from their normal patch cycle. In fact, this has only happened 3 times before according to the Washington Post. So when the Redmond boys do, it usually means the hole is already being used to break into machines.
I’d recommend to everyone to update their Windows machines as soon as possible, either by using Windows Update, or by visiting the Microsoft Update website.
