Skip to content
Techno360

Techno360

Freebies, Giveaways, Deals, Security tools and Tech News.

  • Home
  • Android
  • eBooks
  • Freebies
  • Gaming
    • free games
  • Windows
  • Search
  • Videos
  • About
    • About Me
    • Privacy Policy
October 25, 2008 Security / Windows

Microsoft issues Critical Security Patch for Windows

Posted by sai

Microsoft
Microsoft issued a emergency security patch  for a  “Critical” security flaw for  Windows 2000, Windows XP and Windows Server 2003 users on Thursday.

The vulnerability can result in a remote code execution, in which malicious attackers could take control of a user’s computer to launch code.

According to Microsoft’s bulletin, the vulnerability is found in Windows 2000 with Service Pack 4, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

The most vulnerable versions of Windows are XP, 2000 and Server 2003. Vista and Server 2008 are also vulnerable, but not as badly. Microsoft considers the bug important enough to issue the patch immediately rather than waiting for their normal once-a-month patch Tuesday.

[ad#ads-many-links]
Microsoft issued a rare out-of-cycle patch for a vulnerability in the Windows Server service that handles remote procedure calls (RPC) that allows programmers to run code either locally or remotely. In issuing MS08-067, Microsoft warns “it is possible that this vulnerability could be used in the crafting of a wormable exploit.” Entitled “Vulnerability in Server Service Could Allow Remote Code Execution (958644)” the specific vulnerability has been assigned a National Vulnerability Database designation of CVE-2008-4250.

Microsoft normally issues patches on the second Tuesday of each month, which has been deemed Patch Tuesday. But out-of-cycle patches are not without precedent. Recent examples include the Windows Animated Cursor Remote Code Execution Vulnerability (April 2007), a vulnerability in Vector Markup Language (September 2006), and a vulnerability in the Graphics Rendering Engine (January 2006).

Making a Windows service not run all the time is called disabling and/or stopping. Stopping refers to the instance of the service currently running. Disabling means preventing it from ever starting again. Microsoft describes how to both stop and disable the Server service in Security Bulletin MS08-067. They also suggest doing the same to the Computer Browser service.

Anyone not sharing files and/or printers on a network should also turn off File and Printer Sharing for Microsoft Networks (the Windows XP name) on all network definitions. For example, on a laptop with both wired Ethernet networking and wireless Wi-Fi networking, File and Printer Sharing should be turned off in both network definitions.

If the Server and Computer Browser services are disabled, then some people might consider the last point (and the next) overkill. I think they are a good idea because it means two mistakes would have to be made to enable file and printer sharing as opposed to only one mistake.

For still more safety, look into how your firewall is configured to ensure that it does not allow incoming traffic on TCP port 139 or 445. Again, this is for someone not sharing files and printers. Firewall configuration varies widely, but if you are using the Windows firewall in XP, the exception for this is called “File and Printer sharing”.

Firewalls are the first line of defense against this type of problem. With that in mind, you may want to review the series of postings I did recently on adding a second router to a LAN to provide additional firewall protection to your most important computers.

[ad#ads-small-link]
Source:Cnet and USAToday

Like this:

Like Loading...

Related

logoMicrosoftSecuritywindows

Post navigation

Previous Post

43Marks: Manage Bookmarks & RSS Feeds In One Place

Next Post

Download MozBackup 1.4.8




Popular Posts

  • Driver Booster Pro 11 Free License – Keep your PC drivers up-to-date 811.7k views
  • AOMEI Backupper Pro 7.3 Free Full Version License[1 Year] 618.5k views
  • Advanced SystemCare Pro v16 Free License 447.7k views
  • Bitdefender Total Security 2023 Free For 6 Months 237k views
  • IObit Uninstaller 13 Pro Free License - An all-in-one uninstaller 185k views
  • Advanced SystemCare Ultimate 16 Free License -PC Tuneup & Security 182.2k views
  • Acronis True Image 2017 BootCD Free -Download Now 131.7k views
  • Aomei Partition Assistant Pro 9.15 Free 1 Year License -Disk Partition Tool 105.5k views
  • EaseUS Disk Copy Pro v4.0 Free License [Windows] 104.2k views
  • IObit Malware Fighter Pro 10.3 Free License -Protect your PC from Ransomware 91.4k views

Please follow & like us :)

Facebook
Facebook
fb-share-icon
Twitter
Visit Us
Follow Me
YouTube
Instagram

Categories

Get new posts by email:

Archives

WordPress Theme: Maxwell by ThemeZee.
Go to mobile version
%d bloggers like this: