Skip to main content

Microsoft Security Response Center Blog

Most common questions that we've been asked regarding MS08-067

Saturday, October 25, 2008

Since the release we have received several great questions regarding MS08-067 (, thus we decided to compile answers for them. We still want to encourage everyone to apply the update. Can the vulnerability be reached through RPC over HTTP? No, the vulnerability cannot be reached through RPC over HTTP. RPC over HTTP is an end-to-end protocol that has three roles: client, proxy and server.

Additional Microsoft Security Bulletin Webcasts and Information Available for MS08-067

Thursday, October 23, 2008

Hi All, Mike Reavey, here. Just wanted to let you know that based on customer feedback, we have set up two additional Security Bulletin Webcasts related to this out-of-band release. Details are below: · For the Thursday, 10/23/08, 5:00 PM Webcast, customers can register at: · For the Friday, 10/24/08, 11:00 AM Webcast, customers can register at: http://msevents.

More detail about MS08-067, the out-of-band netapi32.dll security update

Thursday, October 23, 2008

Today Microsoft released a security update that fixes a remote code execution vulnerability in the Windows Server Service. This is a serious vulnerability and we have seen targeted attacks using this vulnerability to compromise fully-patched Windows XP and Windows Server 2003 computers so we have released the fix “out of band” (not on the regular Patch Tuesday).

MS08-067 Released

Thursday, October 23, 2008

Hi, This is Christopher Budd. Following up on my post from last night, I wanted to let you know that we’ve released MS08-067 today. This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”.

MS08-067: Example of Need for Increased Collaboration

Thursday, October 23, 2008

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run You’ve probably heard that we released an out-of-band Security Bulletin for a vulnerability in Windows (MS08-067).

Advance Notification for Out-of-Band Release

Wednesday, October 22, 2008

Hello this is Christopher Budd, I wanted to let you know that we’ve just posted an Advance Notification for an out-of-band bulletin release. We plan to release one Windows security bulletin with a maximum severity of Critical; scheduled for a target time of 10:00 a.m. PT on Thursday Oct. 23, 2008.

Monthly Security Bulletin Webcast Q&A – October, 2008

Friday, October 17, 2008

Register now for the Novemberr 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: October 2008 Security Bulletin Date: Wednesday, October 15, 2008 Q: What is the difference between Microsoft Update and Windows Update as patch mechanisms?

Security Bulletin Webcast Questions and Answers - October 2008

Friday, October 17, 2008

Hi, During this month’s webcast we were able to address 18 questions in the time allotted. The questions were spread fairly evenly across all bulletins, as well as the Exploitability Index that was released for the first time with this Bulletin Release Cycle. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

State of the Union

Thursday, October 16, 2008

I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of security. While I’ve found plenty of things to be excited about with security, including improved awareness, ~~~~enhanced vendor responsiveness to issues (although some still lag behind), increasing global awareness of security concerns, etc.

Black Hat Follow Up: Answering the Hard Questions

Tuesday, October 14, 2008

Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns It’s October! And for those who remember Black Hat 2008 in Las Vegas, this means the programs we announced have launched.