Update MS08-666: Vulnerability in Server Service may Cause Apocalypse

Pockets · **Posted:** Thu Oct 23, 2008 11:04 pm

I hope you've all patched Windows.

Of course, this exploit is as of yet not very highly publicized, and so there'll be plenty of unpatched computers for months to come. *sigh* More slaves for the botnets, I suppose...

Edit: Link

Dan · **Posted:** Thu Oct 23, 2008 11:17 pm

The link does not work for me, do you have another? (I get "ERROR, "null" is not valid. The CVE either does not exist or is not in the format of CVE-XXX-XXXX.")

octopi · **Posted:** Thu Oct 23, 2008 11:52 pm

Here is a copy of the security bulletin I received from Microsoft.

View PDF

Pockets · **Posted:** Fri Oct 24, 2008 12:20 am

Dan @ Thu Oct 23, 2008 11:17 pm wrote:

The link does not work for me, do you have another? (I get "ERROR, "null" is not valid. The CVE either does not exist or is not in the format of CVE-XXX-XXXX.")

Weird. That link worked an hour ago. Here's a static link:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4038

It's essentially a buffer underrun exploit along the lines of the RPC 'sploit that Blaster was modeled after. Pretty nasty little bug, and it doesn't take a genius to use it. Microsoft actually moved pretty quickly to patch this one. It's not every day you get a critical update that's not on a Tuesday.

	Computer Science Canada Programming C, C++, Java, PHP, Ruby, Turing, VB Username: Password: Register
Wiki Blog Search Turing Chat Room Members