

  MS releases out-of-band patch for all Windows versions
Time: 05:46 EST/10:46 GMT | News Source: | Posted By: Kenneth van Surksum

This morning I received an email from MS stating that as of today (23rd of October) Microsoft will release a critical out-of-band security update. The update is related to a remote code execution vulnerability.

The full version of the Microsoft Security Bulletin Advance Notification for October 2008 can be found at

#1 By 24214 ( at 10/23/2008 9:57:08 AM
Word on the street is whatever this patches could have implications on levels of Nimda if you don't patch.

#2 By 23275 ( at 10/23/2008 10:02:25 AM
Any truth to it being related to a kernel level function of how much memory is allocated within kernel space for unassembled tcp sessions? If so, plan on patching the moment a patch is issued.

This post was edited by lketchum on Thursday, October 23, 2008 at 10:11.

#3 By 24214 ( at 10/23/2008 10:19:55 AM
I don't know the details yet, but we've already made the decision to patch at release w/o testing after speaking with our TAM.

#4 By 23275 ( at 10/23/2008 11:13:22 AM
#3, same here - capturing new ASR's/ERD's and Last Known State across the board now and ahead of release.

The harder part is how best, and without much good information at all, to communicate what we have to do and why, with customers without sounding alarmist - while stressing the importance of near-immediate action.

This post was edited by lketchum on Thursday, October 23, 2008 at 15:04.

#5 By 1896 ( at 10/23/2008 12:18:53 PM
#3: Same here; no matter that for Vista and Server 2008 it is rated "Important" and not "Critical", we will install it right away.
Just in case we have imaged everything :-)
I would also say that I am pleased with the way MS acted: quick and responsible.

This post was edited by Fritzly on Thursday, October 23, 2008 at 12:19.

#6 By 1896 ( at 10/23/2008 1:54:12 PM
WOW!!! MS is really proactive here: there is even a fix for Windows 7.
What a pity I cannot patch it.

#7 By 24214 ( at 10/23/2008 2:49:13 PM
Just got off of a call with our partners and there are reported exploits in the wild already. Client OS version of the exploit requires NO authentication to happen. The server OS version does by default unless you've customized server default security to a lesser level require Authentication to perform.

#8 By 54556 ( at 10/24/2008 8:04:00 AM
The patch was released on the 12th with all the other Patch Tuesday patches. The only thing that is "out of band" here is the notification update.

The "out of band" exploit is RPC based to the server service, the relevant port should be blocked at a business' firewalls as a matter of best practices anyway, minimizing the vulnerability.

#5, You don't test all patches??? Amazing.

This post was edited by notketchum on Friday, October 24, 2008 at 08:12.

#9 By 17855 ( at 10/24/2008 8:45:51 AM
#8 Where do you find that it was released on 10/12/2008? All relevant information on KB958644 indicates it was released 10/22/2008.

#10 By 1896 ( at 10/24/2008 8:49:47 AM
#8: Usually we do; considering the urgency I decided to install it right away.
Granted we are not speaking of a 5000 desktop domain here so I can take shortcuts that bigger companies could not.
Besides, my understanding is that yesterday's patch is a "revised" one and not the same released on Tuesday, again just my understanding.

This post was edited by Fritzly on Friday, October 24, 2008 at 08:50.

#11 By 23275 ( at 10/24/2008 8:56:04 AM
#9, the OOB update actually updates the netapi32.dll that was first updated 8 Aug, 2006 - that is the vuln. It is accessed via the RPC Server Service and you are right, the revised update was released on the 23rd.

TCP ports 139 and 445, which are normally blocked by enterprises and SOHO NAT devices do mitigate the vuln.; however, XP clients under certain circumstances and regardless of their own firewalls being on, would still be vulnerable.

Since the exploit is potentially wormable, MS assessed the threat to be significant enough to warrant an OOB update - in light of exploit code being discovered in the wild by the MS Forefront and Live OneCare teams.

Of interest to me was the original concern that the specific area being exploited in netapi32.dll as accessed via the RPC Server Service, did relate to our initial concerns about unassembled tcp sessions. Not hard to conclude when the alert said "all supported operating systems" - so it was probable that an earlier update was the subject of analysis and the only one in recent memory that would also be shared would have been the vuln. originally addressed in Aug 2006.

This post was edited by lketchum on Friday, October 24, 2008 at 08:57.
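
A patch-order triage for the situation discussed in the comments above, as an added example that is not part of the original thread. The inventory rows, field names and scoring weights are constructed assumptions; the KB numbers and the "Important" rating for Vista and Server 2008 are taken from the comments.

```python
# Added example: rank unpatched hosts for the out-of-band update.
KB_REQUIRED = "KB958644"  # update named in comment #9
# Comment #5: rated "Important" on these, "Critical" on other versions.
IMPORTANT_ONLY = {"Windows Vista", "Windows Server 2008"}
# Assumed weights: where TCP 139/445 (comment #11) can be reached from.
EXPOSURE_WEIGHT = {"internet": 2, "lan": 1, "none": 0}

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    # Has only the 2006 netapi32.dll update, which does not count.
    {"host": "xp-desk-01", "os": "Windows XP",
     "kbs": {"KB921883"}, "smb_exposure": "lan"},
    {"host": "vista-lap-02", "os": "Windows Vista",
     "kbs": set(), "smb_exposure": "lan"},
    {"host": "srv2003-web", "os": "Windows Server 2003",
     "kbs": set(), "smb_exposure": "internet"},
    {"host": "srv2008-dc", "os": "Windows Server 2008",
     "kbs": {"KB958644"}, "smb_exposure": "lan"},
    {"host": "xp-kiosk-03", "os": "Windows XP",
     "kbs": set(), "smb_exposure": "none"},
]


def score(host):
    """0 means patched; higher means patch sooner."""
    if KB_REQUIRED in host["kbs"]:
        return 0
    rating = 1 if host["os"] in IMPORTANT_ONLY else 2
    # Unpatched hosts never score 0, even with the ports blocked:
    # an infected machine brought inside the firewall can still reach them.
    return 1 + rating + EXPOSURE_WEIGHT[host["smb_exposure"]]


def patch_order(inventory):
    """Unpatched hosts, most urgent first; ties broken by host name."""
    pending = [h for h in inventory if score(h) > 0]
    pending.sort(key=lambda h: (-score(h), h["host"]))
    return [(h["host"], score(h)) for h in pending]


if __name__ == "__main__":
    for name, s in patch_order(INVENTORY):
        print(f"{s}  {name}")
```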

#12 By 23275 ( at 10/24/2008 9:11:23 AM
REF my 11 above - if you're interested in the original MS06-040 that the OOB updated on the 23rd, here it is,

Additional fixes were released on 12th Sep, 2006 which addressed performance issues induced by the original update as at, KB921883

#13 By 2960 ( at 10/24/2008 12:56:58 PM
It installed on my machine overnight automatically.


#14 By 2332 ( at 10/24/2008 4:54:55 PM
This is a very serious bug. I spent most of the day patching my office and production environments. I'm now 100% patched.

Microsoft would only have done an out-of-band release if they were seeing attack code in the wild. Otherwise it would have waited until November's Patch Tuesday release.

That said, I have a feeling the effects of this will be minimal. Virtually all organizations block the ports needed for this to work. (We certainly do.) So the threat is limited to infected machines being introduced inside the firewall.

Thanks to Windows Update, most users' home machines should be patched by the end of the weekend. Much like a vaccination for the flu, as long as a large percentage of machines are patched, it becomes extremely difficult for infected machines to spread the worm.

I'm sure we'll hear about some corporate network being owned, but overall this won't be another Nimda. Times have changed.
