Posted by Chenxi Wang on October 24, 2008
Microsoft just released an out-of-band security update addressing a remote code execution vulnerability that affects Microsoft Windows 2000, XP, Windows Server 2003, Vista, and Server 2008: virtually all Microsoft computing platforms out there.
This vulnerability allows unauthorized remote code execution (in XP and earlier) via SMB (Server Message Block) communication. In Vista and later, the attacker must pass authentication before code execution is possible.
There are over one billion Windows personal computers worldwide. Approximately 180 million of those are Vista. That leaves about 820 million computers vulnerable to anonymous remote code execution, which is a serious vulnerability. Given the magnitude of Microsoft's install base, the situation is grave indeed. This is why Microsoft is taking the extraordinary step of issuing an out-of-band security update to address it.
Microsoft noted that the attacks that they have seen thus far have been used to install a particular kind of malware (it's speculated that a particular organization knows the vulnerability and how to exploit it, and they are covertly using it to propagate the malware).
So what should you do to protect yourself? Three things:
1. Install the Microsoft security update as soon as possible. If you have Windows automatic update enabled, you should be OK. If not, the update can be found at Microsoft Update.
2. You can also try one of the workarounds listed in the Microsoft security bulletin while you test the update.
3. Make sure that you update the signatures of your security software, such as anti-virus, to catch the malware that is going around as a result of the exploit.
Some good technical discussion about this can be found at http://blogs.technet.com/swi/.