MS08-067 Update: November 25

 Hi, this is Bill Sisk

A while back we discussed the fact that we’re likely to see new pieces of malware over the coming weeks that exploit the vulnerability resolved in MS08-067.


Recently we’ve received a string of reports from customers that have yet to apply the update and are infected by malware. These most recent reports have a common malware family, and the folks in the Microsoft Malware Protection Center (MMPC) have provided detailed information regarding this latest threat. The detailed write-ups regarding this threat can be found here and here. It’s important to note that customers who have installed MS08-067 are not affected.


Signatures have also been included to protect against it in the Windows Live Safety scanner – customers that think they might be infected can run that for free by visiting


We continue to urge customers to deploy the update and make sure their security software is updated with the latest signatures.





*This posting is provided “AS IS” with no warranties, and confers no rights.*