Microsoft Releases Rare Out-of-Band Security Patch

In response to a very dangerous vulnerability Microsoft has released a security patch outside of their regular monthly patch release routine. You better load this one ASAP.

The patch is in response to a "privately reported" vulnerability that affects RPC services. If an exploit turns up then we might have another super-mega-worm spreading around the Internet like wildfire - unless people defend their systems adequately.

According to Microsoft's bulletin, "The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit."

All versions of Windows are affected - including early releases of Windows 7 - and patches are now available, as linked in the company's related bulletin, "Vulnerability in Server Service Could Allow Remote Code Execution (958644)".

If you can't load the patch quick then either disable the Server and Computer Browser services, or block TCP ports 139 and 445 at the firewall, or both.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.