Thursday, 23 October 2008

Why is everyone so excited about the new Microsoft Patch (23rd October 2008)?

This afternoon, tech websites like The Register started reporting that Microsoft was about to release a new patch outside the normal patch cycle. It was to be released at 10am PST, which is 6pm British Summer Time (7pm European Standard Time).

This is very unusual, and has only happened a couple of times in the past few years. Some people reported that their companies had been phoned by Microsoft and warned to apply the patch! So what is the vulnerability that this patch addresses, and why is it a big deal?

That's reported here in Microsoft Security Bulletin MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution (958644)).

The detail says that a malicious user could create a specially crafted RPC* request which can allow remote code execution. It lists the versions of Windows affected - and it's pretty much all of them (Windows 2000 and above, right up to Vista).

So how does this affect you? Well, it means that someone could take over your PC entirely without you knowing anything about it.

Most vulnerabilities rely on users doing something - clicking on a link, downloading something, etc. This one is different - far, far scarier - because the user does not have to do anything, and the attacker can get access undetected.

A very real possibility is that someone will write a worm (like a virus, but nastier, because it spreads from machine to machine on its own) that uses this vulnerability to spread. So even if nobody attacks your machine directly, a worm running on any number of infected machines can infect your machine - and you are then in trouble!

An attacker in control of your machine could capture your internet banking details, email all of your contacts, or use your machine to try to hack into a government network (all of these are real attacks that have happened in the past).

So, where possible, I suggest you patch your machine immediately!

Update: I notice that some sites are reporting that the vulnerability is being exploited in the wild. They do not say in what way, but it does mean that you are even more likely to be attacked.

*RPC means Remote Procedure Call and is a technology that underlies Windows' networking capability.