ANN: Out-of-band Security Update to be released 23 Oct-08

Discussion in 'Windows Update' started by PA Bear [MS MVP], Oct 23, 2008.

  1. Microsoft Security Bulletin Advance Notification for October 2008
    http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

    <QP>
    This is an advance notification of an out-of-band security bulletin that
    Microsoft is intending to release on Thursday, 23 October 2008.

    Critical Security Bulletin (1)
    ============================================================

    Windows Bulletin

    - Affected Software:

    - Microsoft Windows 2000 Service Pack 4
    - Windows XP Service Pack 2 and Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and Windows XP Professional x64
    Edition Service Pack 2
    - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
    Pack 2
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
    Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
    Server 2003 with SP2 for Itanium based Systems
    - Windows Vista and Windows Vista Service Pack 1
    - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    - Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server
    Core installation affected)
    - Windows Server 2008 for x64-based Systems (Windows Server 2008 Server
    Core installation affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Restart Requirement: The update requires a restart
    - Version Number: 1.0

    © 2008 Microsoft Corporation
    </QP>

    Microsoft will host a webcast to address customer questions on this
    out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time
    (US & Canada). Register for this out-of-band Security Bulletin Webcast at
    the link above.

    [Crossposted to Security, Security Home Users, and Windows Update
    newsgroups; Followup To set for Security newsgroup]
     
    PA Bear [MS MVP], Oct 23, 2008
    #1

  2. PA Bear [MS MVP]

    Engel Guest

    Hello Robear,

    They are here:

    Security Update for Windows Vista (KB958644)
    Definition Update for Windows Defender - KB915597 (Definition 1.45.1012.0)

    Thank you
    -=-
     
    Engel, Oct 23, 2008
    #2

  3. The update is available from the links on the Security Bulletin NOW !
    http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx


    In addition, the below shows the severity rating of this out-of-band
    update. For those systems that it's deemed Critical for, be
    ***strongly advised*** that it should be installed AS SOON AS POSSIBLE.

    The vulnerability ***is*** already being actively exploited, albeit in
    small numbers. That will change *** very soon ***.


    Windows Operating System and Components

    Microsoft Windows 2000
    Bulletin Identifier: Windows
    Aggregate Severity Rating: Critical
    - Microsoft Windows 2000 Service Pack 4 (Critical)

    Windows XP
    Bulletin Identifier: Windows
    Aggregate Severity Rating: Critical
    - Windows XP Service Pack 2 and Windows XP Service Pack 3 (Critical)
    - Windows XP Professional x64 Edition and Windows XP Professional x64
    Edition Service Pack 2 (Critical)

    Windows Server 2003
    Bulletin Identifier: Windows
    Aggregate Severity Rating: Critical
    - Windows Server 2003 Service Pack 1 and Windows Server 2003 Service
    Pack 2 (Critical)
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
    Service Pack 2 (Critical)
    - Windows Server 2003 with SP1 for Itanium-based Systems and Windows
    Server 2003 with SP2 for Itanium-based Systems (Critical)

    Windows Vista
    Bulletin Identifier: Windows
    Aggregate Severity Rating: Important
    - Windows Vista and Windows Vista Service Pack 1 (Important)
    - Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
    (Important)

    Windows Server 2008
    Bulletin Identifier: Windows
    Aggregate Severity Rating: Important
    - Windows Server 2008 for 32-bit Systems* (Important)
    - Windows Server 2008 for x64-based Systems* (Important)
    - Windows Server 2008 for Itanium-based Systems (Important)

    IF anyone has an issue either installing this update, the update is
    reoffered, or there are issues after installing it, please contact MS
    for *** no-charge *** technical support:

    " Support
    • Customers in the U.S. and Canada can receive technical support from
    Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge
    for support calls that are associated with security updates.
    • International customers can receive support from their local
    Microsoft subsidiaries. There is no charge for support that is
    associated with security updates. For more information about how to
    contact Microsoft for support issues, visit the International Support
    Web site.
    http://go.microsoft.com/fwlink/?LinkId=21155 "


    MowGreen [MVP 2003-2009]
    ===============
    *-343-* FDNY
    Never Forgotten
    ===============


     
    MowGreen [MVP], Oct 23, 2008
    #3
  4. [Crossposted to Security, Security Home Users; Windows Update newsgroups;
    Followup To set for Security newsgroup]

    MS08-067 Vulnerability in Server Service Could Allow Remote Code Execution
    (958644)
    <QP>
    Executive Summary

    This security update resolves a privately reported vulnerability in the
    Server service. The vulnerability could allow remote code execution if an
    affected system received a specially crafted RPC request. On Microsoft
    Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could
    exploit this vulnerability without authentication to run arbitrary code. It
    is possible that this vulnerability could be used in the crafting of a
    wormable exploit. Firewall best practices and standard default firewall
    configurations can help protect network resources from attacks that
    originate outside the enterprise perimeter.

    This security update is rated Critical for all supported editions of
    Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important
    for all supported editions of Windows Vista and Windows Server 2008...
    </QP>
    Source: http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

    !! => Malware Protection Center: Get Protected, Now!
    http://blogs.technet.com/mmpc/archive/2008/10/23/get-protected-now.aspx
    --
    ~PA Bear
    <snip>
     
    PA Bear [MS MVP], Oct 23, 2008
    #4
  5. PA Bear [MS MVP]

    InfoSecGuru Guest

    Does this affect XP Embedded?

    ==================================
     
    InfoSecGuru, Oct 24, 2008
    #5
  6. PA Bear [MS MVP]

    josephr38 Guest

    We have received unconfirmed reports from other companies that the Microsoft
    Security Bulletin MS08-067 caused some issues after installation. Has anyone
    else heard or experienced any issues with the install??

    Thanks,
    Joseph

     
    josephr38, Oct 27, 2008
    #6
  7. <QP>
    In terms of the security update itself, we’re seeing strong deployments
    worldwide. We also have no reports of known issues with the security update
    at this time.
    </QP>
    Source:
    http://blogs.technet.com/msrc/archive/2008/10/26/update-on-ms08-067.aspx

    That being said, free support is available should you run into problems:

    Start a free Windows Update support incident request:
    https://support.microsoft.com/oas/default.aspx?gprid=6527

    Support for Windows Update:
    http://support.microsoft.com/gp/wusupport

    For home users, no-charge support is available by calling 1-866-PCSAFETY in
    the United States and in Canada or by contacting your local Microsoft
    subsidiary. There is no charge for support calls that are associated with
    security updates. When you call, clearly state that your problem is related
    to a Security Update and cite the update's KB number (e.g., KB958644).

    For more information about how to contact your local Microsoft subsidiary
    for security update support issues, visit the International Support Web
    site: http://support.microsoft.com/common/international.aspx

    For enterprise customers, support for security updates is available through
    your usual support contacts.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE, OE, Security, Shell/User)
    AumHa VSOP & Admin; DTS-L.net

     
    PA Bear [MS MVP], Oct 27, 2008
    #7
  8. What PA Bear said. Also, we know that in at least some cases problems thought
    to be caused by MS08-067 were actually caused by a third-party software update
    that was released around the same time.

    Harry.
     
    Harry Johnston [MVP], Oct 27, 2008
    #8
  9. Microsoft Security Advisory (958963): Exploit Code Published Affecting the
    Server Service
    <QP>
    Microsoft is aware that detailed exploit code demonstrating code execution
    has been published on the Internet for the vulnerability that is addressed
    by security update MS08-067. This exploit code demonstrates code execution
    on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of
    limited, targeted active attacks that use this exploit code. At this time,
    there are no self-replicating attacks associated with this vulnerability.
    Microsoft has activated its Software Security Incident Response Process
    (SSIRP) and is continuing to investigate this issue.

    Our investigation of this exploit code has verified that it does not affect
    customers who have installed the updates detailed in MS08-067 on their
    computers. Microsoft continues to recommend that customers apply the
    updates to the affected products by enabling the Automatic Updates feature
    in Windows.

    We continue to work with our Microsoft Security Response Alliance (MSRA) and
    Microsoft Active Protections Program (MAPP) partners so that their products
    can provide additional protections for customers. We have updated our
    Windows Live Safety Scanner, Windows Live One Care, and Forefront security
    products with protections for customers. We have also been working with our
    partners in the Global Infrastructure Alliance for Internet Safety (GIAIS)
    program to take steps to help keep attacks from spreading.

    Customers who believe they are affected can contact Customer Service and
    Support. Contact CSS in North America for help with security update issues
    or viruses at no charge using the PC Safety line (1-866-PCSAFETY).
    International customers may request help by using any method found at this
    location: http://www.microsoft.com/protect/support/default.mspx (click on
    the select your region hyperlink in the first paragraph).

    Mitigating Factors:

    • Customers who have installed the MS08-067 security update are not affected
    by this vulnerability.

    • Windows 2000, Windows XP and Windows Server 2003 systems are primarily at
    risk from this vulnerability. Customers running these platforms should
    deploy MS08-067 as soon as possible.

    • While installation of the update is the recommended action, customers who
    have applied the mitigations as identified in MS08-067 will have minimized
    their exposure and potential exploitability against an attack.
    </QP>
    Source: http://www.microsoft.com/technet/security/advisory/958963.mspx
     
    PA Bear [MS MVP], Oct 27, 2008
    #9
  10. PA Bear [MS MVP]

    WAB Guest

    On Monday morning after the update, about 50 PCs in my Domain OU all
    received the following error when trying to run Windows or Microsoft
    Update!!!
    Note: Other OUs reporting Windows Update failing!!
    Of the three options given for (error number 0x800A0046), the script in the
    second option restored the ability to run Microsoft Update, but we had to go
    through the "start using Microsoft updates" as if it had never been used!
    Note: doesn't always survive reboot!

    Nobody seems to know if it's what is causing it, the MS patch, the AD or
    both??
    Wab
    Please change your Internet Explorer security settings
    To save changes to your settings for this website, you need to enable
    userdata persistence for Internet Explorer. Complete the steps below, and
    then click Change settings to the left and try saving your changes again.
    1. In Internet Explorer, on the Tools menu, click Internet Options.
    2. Click the Security tab, click the Internet security zone icon, and
    then click Custom Level.
    3. In the Settings dialog box, scroll to the Miscellaneous section.
    4. Under Userdata persistence, select Enable.
    5. Click OK and when the security warning dialog box appears, click
    Yes.
    Read more about steps you can take to resolve this problem (error number
    0x800A0046) yourself.
     
    WAB, Nov 4, 2008
    #10
  11. Error message when you visit the Windows Update Web site or the Microsoft
    Update Web site: "0x800A0046":
    http://support.microsoft.com/kb/910338

    Error message when you try to install Microsoft Update on a Windows
    Vista-based computer: "Could not install Microsoft Update on the computer":
    http://support.microsoft.com/kb/933528

    ===
    Start a free Windows Update support incident request:
    https://support.microsoft.com/oas/default.aspx?gprid=6527

    Support for Windows Update:
    http://support.microsoft.com/gp/wusupport

    For more information about how to contact your local Microsoft subsidiary
    for security update support issues, visit the International Support Web
    site: http://support.microsoft.com/common/international.aspx

    For enterprise customers, support for security updates is available through
    your usual support contacts.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE, OE, Security, Shell/User)
    AumHa VSOP & Admin; DTS-L.net
     
    PA Bear [MS MVP], Nov 4, 2008
    #11
  12. PA Bear [MS MVP]

    WAB Guest

    Robear, nice copy and paste, but it doesn't provide any insight!

    As I said, the script restores the ability to access the Windows/Microsoft
    Update site, but it doesn't always survive reboot!

    Subinacl /service wuauserv /sddl=D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

    Our domain admins say they can't find anything wrong, so is it a by-product
    of the out-of-band patch or our AD admins?
    Is it by accident or design?

    Already submitted support request.

    Wondering if anyone else is having this problem and if so did they find
    a solution?

    Something stripped many User/PC's ability to access Windows/Microsoft Update
    and download critical updates right after the out-of-band patch.

    I don't know if it was the MS patch or our domain admins, but whether by
    accident or design I need to find an answer/solution to protect the OU I
    manage.

    I can't keep running around running this script over and over again, need
    something more than a band-aid!
    So I ask the question, are there others having this problem after the
    out-of-band patch?
    wab




     
    WAB, Nov 4, 2008
    #12
  13. As I said, the script restores the ability to access windows/Microsoft
    Then one assumes something must be disallowing the changes to persist.
    Could be anti-virus application, third-party firewall, and/or Group
    Policy...or already-infected machines!
    Excellent. I'm quite sure you'll need assistance from MS.

    Considering the following, I think it'd be best to have MS08-067 installed
    on all machines at all times:

    http://msmvps.com/blogs/harrywaldro...exploiting-unpatched-systems-in-the-wild.aspx
    (and links therein)

    http://msmvps.com/blogs/harrywaldro...7-trojan-gimmiv-a-is-not-a-true-worm-yet.aspx
    (and links therein)

    http://blogs.technet.com/mmpc/archive/2008/10/28/whats-travelling-on-the-wire-part-2.aspx
    (nearly 50% of attacks via RPC Service)

    http://blogs.technet.com/msrc/archive/2008/10/27/microsoft-security-advisory-958963.aspx

    http://blogs.technet.com/mmpc/archive/2008/10/23/get-protected-now.aspx

    Good luck!
    --
    ~PA Bear
     
    PA Bear [MS MVP], Nov 4, 2008
    #13
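
An added example, not part of the thread or any poster's script: a Python decoder for the DACL string passed to `subinacl /sddl=` in post #12, with a helper that compares it against another SDDL string (for instance the output of `sc sdshow wuauserv` on an affected machine) to show which rights have gone missing. The right and trustee labels and the drifted sample string are constructed for illustration.

```python
import re

# Service-specific meaning of the two-letter SDDL rights codes.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
TRUSTEES = {"SY": "Local System", "BA": "Administrators",
            "AU": "Authenticated Users", "PU": "Power Users"}

# DACL from the subinacl command quoted in post #12.
POSTED_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)")

# Constructed drifted DACL (not from a real machine): AU ACE gone, PU read-only.
CONSTRUCTED_DRIFTED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                       "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                       "(A;;CCLCSWLOCRRC;;;PU)")

def parse_dacl(sddl):
    """Return {trustee: set of right names} for the allow ACEs in the D: section."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL (D:) section found")
    dacl = {}
    for ace in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({ace})")
        ace_type, _flags, rights, _obj, _inherit, sid = fields
        if ace_type != "A":          # deny/audit ACEs are out of scope here
            continue
        codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
        unknown = [c for c in codes if c not in SERVICE_RIGHTS]
        if unknown:
            raise ValueError(f"unrecognised rights {unknown} in ({ace})")
        dacl.setdefault(TRUSTEES.get(sid, sid), set()).update(
            SERVICE_RIGHTS[c] for c in codes)
    return dacl

def missing_rights(current_sddl, expected_sddl=POSTED_SDDL):
    """Per trustee, rights the expected DACL grants that the current one lacks."""
    current, expected = parse_dacl(current_sddl), parse_dacl(expected_sddl)
    gaps = {}
    for trustee, rights in expected.items():
        lost = rights - current.get(trustee, set())
        if lost:
            gaps[trustee] = sorted(lost)
    return gaps

if __name__ == "__main__":
    print(missing_rights(CONSTRUCTED_DRIFTED))
```

Logging the result at each startup gives a record of when the descriptor changes, which can then be lined up against Group Policy refreshes or security-software activity.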