Microsoft rushes out emergency Windows security fix

Morshad published 23 Oct 2008, 20:53 in main - 232 views

Fav

Updated Microsoft has released an emergency security update for a broad swath of its users that patches a critical security hole that is already being exploited in the wild.

The vulnerability - which has been subjected to "limited, targeted attacks" - could allow miscreants to create wormable exploits that remotely execute malicious code on vulnerable machines, Microsoft said. No interaction is required from the end user. It was the first patch released outside Microsoft's regular update cycle in 18 months.

"This is a remote code execution vulnerability," Microsoft's out-of-band advisory warned. "An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely."

The vulnerability stems from the failure of Windows server service to properly vet remote procedure call (RPC) requests for malicious content. The service handles the sharing of printers, disk and other resources over a network. It also allows applications on one networked computer to communicate with applications on another machine.

On the 2000, XP, and Server 2003 versions of Windows, anonymous users with access to the target network could exploit the weakness by sending a specially crafted network packet to the affected system. Microsoft rated the vulnerability as "critical" - its most severe designation - for those versions.

News source: The Register

Tags: Microsoft, Windows, Security, Update, Vulnerability

Digg this

Prev Article: 24 Hours Later, I Love The T-Mobile G1, But ... Next Article: Being smart about webmail

No Comments!

It's quiet in here... can you hear the echo?

Login or register to add a comment

Create a new account or login to join in the conversation on NewXwin.net. You'll also be able to NewXwin.net stories to help promote things you like.

Random Technology News

Fav

Flash flaw leads to Vista laptop's fall