-----------------------------------

Pockets

Thu Oct 23, 2008 11:04 pm


Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

-----------------------------------

[url=http://web.nvd.nist.gov/view/vuln/detail?execution=e2s1]I hope you've all patched Windows. 

Of course, this exploit is as of yet not very highly publicized, and so there'll be plenty of unpatched computers for months to come. *sigh* More slaves for the botnets, I suppose...

Edit: Link


-----------------------------------

Dan

Thu Oct 23, 2008 11:17 pm


RE:Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

-----------------------------------

The link does not work for me, do you have another? (I get "ERROR, "null" is not valid. The CVE either does not exist or is not in the format of CVE-XXX-XXXX.")


-----------------------------------

octopi

Thu Oct 23, 2008 11:52 pm


Re: Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

-----------------------------------

Here is a copy of the security bulletin I received from Microsoft.

View PDF


-----------------------------------

Pockets

Fri Oct 24, 2008 12:20 am


Re: RE:Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

-----------------------------------

The link does not work for me, do you have another? (I get "ERROR, "null" is not valid. The CVE either does not exist or is not in the format of CVE-XXX-XXXX.")

Weird. That link worked an hour ago. Here's a static link:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4038


It's essentially a buffer underrun exploit along the lines of the RPC 'sploit that Blaster was modeled after. Pretty nasty little bug, and it doesn't take a genius to use it. Microsoft actually moved pretty quickly to patch this one. It's not every day you get a critical update that's not on a Tuesday.