[GM]Dragon
28-10-2008, 10:04
Windows Server Service Malicious Code Vulnerability Emergency Warning
* MS08-067 Security Patch Emergency Install Required
Caution Regarding Circulation of Malicious Codes through MS08-067 Security Vulnerability
The Security Analysis & Response Center of internet security company INCA Internet (www.nprotect.com) has detected a malicious code that uses Microsoft Windows’ vulnerability (MS08-067) is in circulation abroad, and has asked for Windows users to be particularly cautious and promptly install the emergency security patch.
Full Story :
Full Story
Windows Server Service Malicious Code Vulnerability Emergency Warning
* MS08-067 Security Patch Emergency Install Required
Caution Regarding Circulation of Malicious Codes through MS08-067 Security Vulnerability
The Security Analysis & Response Center of internet security company INCA Internet
(www.nprotect.com) has detected a malicious code that uses Microsoft Windows?
vulnerability (MS08-067) is in circulation abroad, and has asked for Windows users
to be particularly cautious and promptly install the emergency security patch.
This attack was due to the vulnerability of remote code being executable in the
Server Service, in which the attacker used an RPC(Remote Procedure Call)
forwarding method to attack, and the malicious code can be circulated through TCP
ports 139 and 445.
[Reference]
- Server Service : Function that supports the sharing of files, folders, and peripheral
equipments in MS Windows
- RPC : Protocol used to request the services of programs in other computers in the
network
The operating system products that are exposed (or affected) by this vulnerability
are as follows.
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP2, SP3
- Microsoft Windows XP Professional x64 Edition, SP2
- Microsoft Windows Server 2003 SP1, SP2
- Microsoft Windows Server 2003 SP1, SP2 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition, SP2
- Windows Vista, SP1
- Windows Vista x64 Edition
- Windows Server 2008, x64 Edition, Itanium-based Systems
Microsoft has announced an emergency security patch on October 23rd local time.
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
If for any reason you cannot install the security patch, please check whether the
TCP ports 139 and 445 are in use, and if they are not absolutely necessary, it is also
possible to temporarily block them in the firewall.
Because there is a possibility that the attack of malicious codes through this
vulnerability will continuously emerge, we strongly encourage users to install the
security patch (MS08-067).
Currently in Japan, 9 malicious codes that use this vulnerability were found in
certain sites, and INCA Internet?s Security Analysis & Response Center is undergoing
an emergency update.
If you suspect that your system has been infected, or if your system shows
abnormal symptoms, you can diagnose whether your system is infected through
nProtect?s homepage (www.nprotect.com), and the date of the product update
which allows the diagnosis is from the October 24th, 2008 Emergency Update.
(Author : INCA Internet?s Security Analysis & Response Center Jong-Hyun Moon)
* MS08-067 Security Patch Emergency Install Required
Caution Regarding Circulation of Malicious Codes through MS08-067 Security Vulnerability
The Security Analysis & Response Center of internet security company INCA Internet (www.nprotect.com) has detected a malicious code that uses Microsoft Windows’ vulnerability (MS08-067) is in circulation abroad, and has asked for Windows users to be particularly cautious and promptly install the emergency security patch.
Full Story :
Full Story
Windows Server Service Malicious Code Vulnerability Emergency Warning
* MS08-067 Security Patch Emergency Install Required
Caution Regarding Circulation of Malicious Codes through MS08-067 Security Vulnerability
The Security Analysis & Response Center of internet security company INCA Internet
(www.nprotect.com) has detected a malicious code that uses Microsoft Windows?
vulnerability (MS08-067) is in circulation abroad, and has asked for Windows users
to be particularly cautious and promptly install the emergency security patch.
This attack was due to the vulnerability of remote code being executable in the
Server Service, in which the attacker used an RPC(Remote Procedure Call)
forwarding method to attack, and the malicious code can be circulated through TCP
ports 139 and 445.
[Reference]
- Server Service : Function that supports the sharing of files, folders, and peripheral
equipments in MS Windows
- RPC : Protocol used to request the services of programs in other computers in the
network
The operating system products that are exposed (or affected) by this vulnerability
are as follows.
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP2, SP3
- Microsoft Windows XP Professional x64 Edition, SP2
- Microsoft Windows Server 2003 SP1, SP2
- Microsoft Windows Server 2003 SP1, SP2 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition, SP2
- Windows Vista, SP1
- Windows Vista x64 Edition
- Windows Server 2008, x64 Edition, Itanium-based Systems
Microsoft has announced an emergency security patch on October 23rd local time.
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
If for any reason you cannot install the security patch, please check whether the
TCP ports 139 and 445 are in use, and if they are not absolutely necessary, it is also
possible to temporarily block them in the firewall.
Because there is a possibility that the attack of malicious codes through this
vulnerability will continuously emerge, we strongly encourage users to install the
security patch (MS08-067).
Currently in Japan, 9 malicious codes that use this vulnerability were found in
certain sites, and INCA Internet?s Security Analysis & Response Center is undergoing
an emergency update.
If you suspect that your system has been infected, or if your system shows
abnormal symptoms, you can diagnose whether your system is infected through
nProtect?s homepage (www.nprotect.com), and the date of the product update
which allows the diagnosis is from the October 24th, 2008 Emergency Update.
(Author : INCA Internet?s Security Analysis & Response Center Jong-Hyun Moon)