Microsoft to Issue Emergency Security Update Today

This may be of interest to you folks running Windows:

Microsoft said late Wednesday that it plans to break out of its monthly patch cycle to issue a security update today for a critical vulnerability in all supported versions of Windows.

http://voices.washingtonpost.com/securityfix/2008/10/microsoft_to_issue_emergency_s_1.html

And here:

http://www.theregister.co.uk/2008/10/23/windows_emergency_update/

Got it - Thanks FWF :)

Security Update for Windows XP (KB958644): http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Thanks FwF,

Right on the ball, patched…
Thanks for the heads-up,

Damian

Update, 12:45 p.m. ET

My source, who asked not to be identified because Microsoft has not yet publicly discussed the details, said Redmond has acknowledged that criminals have for the past three weeks been using the vulnerability to conduct targeted attacks.

(SecurityFix)

Ooops.

Hi…

Just downloaded and installed it for x64 Vista. :slight_smile:

I didn’t even have to search for it, it just came to me directly via Windows Update. :stuck_out_tongue:

I also read on The Register that Microsoft is putting out a beta for Vista Service Pack 2 within four weeks for testing. I was curious when that was going to be in the works. :wink:

Best Regards…

[off-topic]
It will be interesting to see what is in Vista SP2.
It does seem an unsightly haste to get to SP2; on XP that took some time.
[/off-topic]

Got the update but it knocked out my USB wireless, so I had to re-install the drivers.

Hi David…

According to the article, the pack is supposed to include Windows Search 4 (which I already have, it was an update available in Windows Update), Bluetooth Wireless and VIA x64 CPU support along with other program compatibility updates. :slight_smile:

Best Regards…

Hi Essexboy…

I’m sorry this happened. :frowning:

Is it working the way it should after the driver reinstall?

Best Regards…

– We have samples in-house of the trojans in-the-wild that are being used in targeted attacks, taking advantage of this exploit. These are currently only targeted attacks, not being used broadly by malware authors.

http://sunbeltblog.blogspot.com/

The vulnerability - which has been subjected to "limited, targeted attacks" - could allow miscreants to create wormable exploits that remotely execute malicious code on vulnerable machines, Microsoft said. No interaction is required from the end user.

http://www.theregister.co.uk/2008/10/23/emergency_windows_update/

Thanks for the heads-up FwF.


Thanks for posting about this, Frank. :slight_smile:


Data-Stealing Trojan Exploiting Just-Patched Windows Flaw

Microsoft Windows users who have not yet applied the security update that Redmond released yesterday should take a minute to do that now: Security experts are warning that at least one Trojan horse program with apparent spreading capabilities is in circulation, and that we are likely to see additional malware exploiting the flaw in the coming days.

Sunbelt Software says they’re not able to verify ThreatExpert’s claims that Gimmiv.a is anything more than a data-stealing Trojan, calling claims that the Trojan also functions as a network worm as “misinformation.”

Regardless, this is a nasty vulnerability, period. If you haven’t patched, do it now. If history is any teacher, Sunbelt’s estimation of the threat is probably spot-on: "We would make an educated guess that a worm will hit soon (maybe in the next day or so)."

http://blog.washingtonpost.com/securityfix/

Sunbelt is now saying there is a worm component:

No, we're not at worm stage... (yet)

Correction: There is a worm component. (Yes, the trojan itself isn’t a worm. But that overlooks the behavior of a dll, a dll dropped by Gimmiv, which is a worm. Now, that doesn’t mean we’re at a SQL Slammer type worm stage. This Trojan has to get into a system. But, nevertheless, I stand corrected.)

There’s some misinformation going on out there that there is already a worm targeting MS08-067. We haven’t been able to verify this.

Looking at the particular trojan that blog mentioned, it seems to me to be a trojan related to the MS08-067 attacks that I took a quick look at this morning:

http://sunbeltblog.blogspot.com/2008/10/no-were-not-at-worm-stage-yet.html

Vista or xp?

It was on Vista and it took me a whole two minutes to re-install. But, I don’t mind. Better a little inconvenience now than having to re-image later ;D

Hi essexboy,

Here you can read why you did install: http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html
The Gimmiv.A worm * has already infected thousands of computers, and there is more to come, it started just after the patch was being released,

polonus

* Gimmiv.A allows remote code execution, which makes it potentially “wormable”. Considering that the vector of attack is RPC DCOM and the code is similar to typical RPC DCOM network-aware worms, which is used against other hosts in the network, Gimmiv.A is determined in this post as a worm. However, it could technically be classified as a network-aware trojan that employs functionality of a typical RPC DCOM network-aware worm to attack other hosts in the network.

This update killed my Vista: http://forum.avast.com/index.php?topic=39581.0