Microsoft Rushes Out Critical RPC Bug Fix

Use Netsparker


Now this doesn’t happen all that often, it must be really serious! An Out-of-Band patch from Microsoft (since it’s famous ‘Patch Tuesday‘ it only releases patches on the second Tuesday of each month) has been released for a new RPC flaw.

I’d imagine it’s similar to the RPC flaw that spawned such disasters as Blaster and Sasser in 2003/4.

Microsoft Security Bulletin MS08-067 – Critical

Microsoft has released an emergency security update for a broad swath of its users that patches a critical security hole that is already being exploited in the wild.

The vulnerability – which has been subjected to “limited, targeted attacks” – could allow miscreants to create wormable exploits that remotely execute malicious code on vulnerable machines, Microsoft said. No interaction is required from the end user. It was the first patch released outside Microsoft’s regular update cycle in 18 months.

“This is a remote code execution vulnerability,” Microsoft’s out-of-band advisory warned. “An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely.”

There is an active piece of malware in the wild using this, F-secure has already detected it and has a signature for Trojan-Spy:W32/Gimmiv.A.

This may have been running around in the wild for some time, perhaps in the underground community. There are always true remote exploits that are unknown to the mass community used by certain higher level groups.

This is the sixth time Microsoft has issued and out-of-band security update since October 2004 when it implemented its policy of releasing patches on the second Tuesday of each month, a company spokesman said. The last time an unscheduled patch update was issued was in April 2007 when it moved to fix a critical bug in the ANI animated cursor feature of Windows.

Thursday’s bulletin also marked the second time Microsoft has offered additional vulnerability details to security providers in advance. About an hour before the patch was released publicly, members of the Microsoft Active Protections Program (MAPP) received a briefing that allowed them to create signatures that detect exploits in anti-virus software and intrusion prevention systems.

Microsoft also offered a stunning amount of detail about the vulnerability to regular Joes here.

It’s only the 6th time this has happened since October 2004 (around 4 years) so you can see that it’s serious and you better install it across any networks you administer.

The update will require a reboot (as usual..).

Source: The Register

Posted in: Exploits/Vulnerabilities, Malware, Windows Hacking

, , , , , , , ,


Latest Posts:


Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.


3 Responses to Microsoft Rushes Out Critical RPC Bug Fix

  1. Pantagruel October 25, 2008 at 9:53 am #

    MS has been covering this patch with a large load of secrecy, so I guess it must be really easy to abuse and gain root level access.

    The first proof of concept codes appeared within hours after the release of the patch, have a look at http://www.immunityinc.com

  2. razta October 26, 2008 at 11:53 am #

    You need Visual Studio to run the PoC, ~4GB download for the trial version!!

    PoC:
    http://www.milw0rm.com/exploits/6824

  3. navin October 26, 2008 at 2:39 pm #

    wow…thanks razta!!