Patching Time (MS08-067)

It's time to patch all your Windows machines!

Normally Microsoft releases security updates once a month, on the second Tuesday of every month. Very rarely, security updates are released outside of this regular update cycle. "Out-of-band" and "out-of-cycle" describe the situation in which waiting for the regular update Tuesday, the so-called Patch Tuesday, is not enough to protect Windows systems against exploitation. On Thursday 23rd October, Security Update MS08-067 was released.

On Friday 24th October, proof-of-concept code was released after a reverse engineering activity. A data-collecting Trojan (Gimmiv.A) and a Trojan that searches for unpatched machines on the LAN (Arpoc.A) are already spreading in the wild.

The file appears under several names, and all of the files have the same size, i.e. 397,312 bytes.
The MD5 is f173007fbd8e2190af3be7837acd70a4

We can detect it using Snort rules (www.snort.org/vrt/advisories/vrt-rules-2008-10-23.html), the Microsoft Malware Protection Center (http://www.microsoft.com/security/portal/Entry.aspx?name=Exploit%3aWin32%2fMS08067.gen!A) and MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx).

More details on:
http://blogs.securiteam.com/index.php/archives/1150
http://blogs.technet.com/msrc/archive/2008/10/23/additional-upcoming-bulletin-webcasts.aspx
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

About author

Vittorio Pavesi