Microsoft Security Advisory (958963)

Purpose of Advisory: Notification of the availability of a security update to help protect against this potential threat.

Advisory Status: As this issue is already addressed as part of the MS08-067 security bulletin, no additional update is required.

Recommendation: Install the MS08-067 security update to help protect against this vulnerability.

This advisory discusses the following software.

What is the scope of the advisory? 
Microsoft is aware of public posting of exploit code targeting the vulnerability identified in Microsoft Security Update MS08-067. This affects the software that is listed in the “Overview” section.

Is this a security vulnerability that requires Microsoft to issue a security update? 
Microsoft addressed this security vulnerability in MS08-067. Customers who have installed the MS08-067 security update are not affected by this vulnerability. No additional update is required.

What causes the vulnerability? 
The Server service does not properly handle specially crafted RPC requests.

What might an attacker use the vulnerability to do? 
An attacker could exploit this vulnerability over RPC without authentication to run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

What is the Server service? 
The Server service provides RPC support, file and print support, and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC.

What is RPC? 
Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. In RPC, the requesting program is the client and the service-providing program is the server.

Are there any known issues with installing the Microsoft Security Update that protects against this threat? 
No. Microsoft continues to encourage customers to install the update immediately.

If you have installed the update released with Security Bulletin MS08-067, you are already protected from the attack identified in the publicly posted proof of concept code. If you have not installed the update, you are encouraged to apply the workarounds identified in MS08-067.

• Protect Your PC

  We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps by visiting Protect Your Computer.

• Keep Windows Updated

  All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.

• Apply workarounds listed in the Microsoft Bulletin

  Security Bulletin MS08-067 lists the applicable workarounds that can be used to protect systems from this vulnerability.