Computer Science Canada

Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

Author:  Pockets [ Thu Oct 23, 2008 11:04 pm ]
Post subject:  Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

I hope you've all patched Windows.

Of course, this exploit is as of yet not very highly publicized, and so there'll be plenty of unpatched computers for months to come. *sigh* More slaves for the botnets, I suppose...

Edit: Link

Author:  Dan [ Thu Oct 23, 2008 11:17 pm ]
Post subject:  RE:Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

The link does not work for me, do you have another? (I get "ERROR, "null" is not valid. The CVE either does not exist or is not in the format of CVE-XXX-XXXX.")

Author:  octopi [ Thu Oct 23, 2008 11:52 pm ]
Post subject:  Re: Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

Here is a copy of the security bulletin I received from Microsoft.

<a href='http://www.magnify.ca/MSVUN.pdf'>View PDF</a>

Author:  Pockets [ Fri Oct 24, 2008 12:20 am ]
Post subject:  Re: RE:Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

Dan @ Thu Oct 23, 2008 11:17 pm wrote:
The link does not work for me, do you have another? (I get "ERROR, "null" is not valid. The CVE either does not exist or is not in the format of CVE-XXX-XXXX.")


Weird. That link worked an hour ago. Here's a static link:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4038


It's essentially a buffer underrun exploit along the lines of the RPC 'sploit that Blaster was modeled after. Pretty nasty little bug, and it doesn't take a genius to use it. Microsoft actually moved pretty quickly to patch this one. It's not every day you get a critical update that's not on a Tuesday.


: