By Dan Goodin in San Francisco
P23rd October 2008
Updated - Microsoft has released an emergency security update for a
broad swath of its users that patches a critical security hole that is
already being exploited in the wild.
The vulnerability - which has been subjected to "limited, targeted
attacks" - could allow miscreants to create wormable exploits that
remotely execute malicious code on vulnerable machines, Microsoft said.
No interaction is required from the end user. It was the first patch
released outside Microsoft's regular update cycle in 18 months.
"This is a remote code execution vulnerability," Microsoft's out-of-band
advisory warned. "An attacker who successfully exploited this
vulnerability could take complete control of an affected system
The vulnerability stems from the failure of Windows server service to
properly vet remote procedure call (RPC) requests for malicious content.
The service handles the sharing of printers, disk and other resources
over a network. It also allows applications on one networked computer to
communicate with applications on another machine.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!