This is Christopher Budd. Following up on my post from last night, I wanted to let you know that we’ve released MS08-067 today.
This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. To help you better understand the details around the vulnerability, my colleagues over at the Security Vulnerability Research & Defense blog have provided some more information here. Also, Michael Howard has provided some background on the vulnerability from the Security Development Lifecycle perspective here.
In addition, to releasing a security update to address the vulnerability, we’ve also taken steps to help enable broader protections for customers. Specifically, our colleagues in the Microsoft Malware Protection Center have released updated signatures that can enable Microsoft Forefront and Microsoft OneCare to protect against current attempts to exploit the vulnerability (Exploit:Win32/MS08067.gen!A). You can read about what they’re doing to help protect here. We have also provided information to our security partners in our Microsoft Active Protections Program and our Microsoft Security Response Alliance Program. We encourage all customers to update the signatures for their security protection products to help provide protections while they’re testing and deploying these updates.
We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems that we discovered about two weeks ago through our ongoing monitoring. As we investigated these attacks we found they were utilizing a new vulnerability and initiated our Software Security Incident Response Process (SSIRP). As we analyzed the vulnerability in our SSRP process, we found that this vulnerability was potentially wormable on Windows XP and older systems. Our analysis also showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly. Based on those two factors, we felt that it was in the best interest of customers for us to release this update before the regular November release cycle.We have also have detection for the malware we found used in attacks exploiting this vulnerability (TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Gimmiv.A.dll) in the signatures the MMPC is releasing today and sharing that information with our partners.
We aren’t done when we release an update. Our Customer Service and Support teams are ready to support customers as they deploy the update. And our security teams, and our partners, are monitoring for active attacks against this vulnerability. As always, we’ll update you with any information that we have as it develops.
In the meantime, we encourage you to test and deploy the security updates and security software signatures as soon as possible.
*This posting is provided “AS IS” with no warranties, and confers no rights.*