Microsoft Security Advisory 958963

Hey folks, Mike Reavey here,

It’s been almost five days since we originally released MS08-067, and our tracking shows that security deployments remain strong.   We’re also still unaware of any application compatibility issues with this update.

Like we’ve said, we’re continuing to watch the threat environment. Yesterday, we said that our analysis of public exploit code that was available showed it would always result in a denial of service. Today, we’ve identified the public availability of exploit code that now shows code execution for the vulnerability addressed by MS08-067. This exploit code has been shown to result in remote code execution on Windows Server 2003, Windows XP, and Windows 2000 systems. Our investigation has shown that it does not affect customers who have installed the update. We’ve just published Microsoft Security Advisory 958963 to let customers know about this new development.

At this time, attacks are still limited and targeted, even with the release of this new exploit code.   The malware situation remains the same, as we’ve not seen any self-replicating worms, but instead malware that would be classified as Trojans — specifically the malware we discussed when we released the security update on Thursday.

While there are no new broad attacks from this public exploit code now, we do expect that over the next few days and weeks this public exploit code may likely be used to create new versions of malware that could be used for broader attacks, possibly including self-replicating worms.   Therefore, we continue to strongly encourage customers to test and deploy the security update as quickly as possible.

We will continue to monitor the situation via our ongoing Software Security Incident Response Process (SSIRP) and post updates to the Advisory and the MSRC Blog as we become aware of malware that significantly changes the threat environment.

In the meantime, we continue to urge customers to continue to test and deploy the security update.

-Mike Reavey

*This posting is provided “AS IS” with no warranties, and confers no rights*