Emergency Patch Announcement
10/24/2008 12:00
What is happening?
On Thursday October 23rd Microsoft released a critical out-of-band security patch to address a serious new vulnerability in the Windows operating system software. This vulnerability can support a computer worm (similar to Slammer, Code-Red worms of the past).
We have reviewed the security bulletin and have confirmed that the vulnerability poses a threat to some of our servers, web or mail. As a result, we will be applying the security patch tonight, Friday October 24th. The scheduled install is between 12:00 AM and 1:00 AM; we anticipate the install to take no more than five minutes per server. This security patch DOES require a reboot.
We encourage all of our clients to also apply the patch on their personal computers to avoid being taken advantage of from a worm, virus, or Trojan horse that exploits this vulnerability.
Scope
The security patch applies to all Windows Servers and Clients including:
- Windows XP
- Windows 2000
- Windows 2003 (32 & 64 bit)
- Windows Vista / 2008
Q&A
Why did Microsoft release this patch “out-of-band”?
Microsoft believes there is risk of severe impact due to the fact exploit code exists in the wild. Microsoft became aware of this vulnerability 2 weeks ago when exploit code was detected.
How well has Microsoft tested this patch given it has been released “out-of-band”?
Microsoft has confirmed that the section of code that required remediation was fairly easy to address. On that basis, Microsoft believes the patch to be stable and it has passed all QA tests that every security patch is required to go through.
Is “hot patching” supported with this patch?
No, unfortunately this patch does not support “hot patching”.
Does exploit code exist?
Yes, Microsoft has seen targeted attacks in the wild. Unfortunately due to the network vector this attack uses, anti-virus software offers limited protection since no files are written to disk as part of the exploit.
<< Back
View RSS Feed