

Microsoft Issues Critical Out-Of-Band Update
Posted by JamesB in Technology, tags: security, Windows Update
Today Microsoft released a security update that fixes a remote code execution vulnerability in the Windows Server Service. This is a serious vulnerability: Microsoft has seen targeted attacks using it to compromise fully patched Windows XP and Windows Server 2003 computers, so it released the fix "out of band" (not on the regular Patch Tuesday).
This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. MSRC Blog
Most perimeter firewalls will block exploit attempts from outside your organization
If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines on your local network will have the ability to exploit this vulnerability. That said, the exploit is wormable and has already been seen in the wild as a Trojan. The Trojan, Gimmiv, will certainly be modified, so antivirus vendors will likely be behind in detection.
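The following is an added example, not part of the original post: a small check over firewall flow records that confirms inbound TCP 139/445 from outside is not being allowed, and flags internal hosts contacting many LAN peers on those ports, which is the exposure a perimeter firewall does not cover. The log format, the LAN range and the fan-out threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMB_PORTS = {139, 445}               # ports named in the post
LAN = ip_network("192.168.1.0/24")   # assumed internal range
FANOUT_THRESHOLD = 3                 # assumed: distinct LAN peers before flagging

# Constructed flow records in an assumed format: "src dst dport action"
SAMPLE_FLOWS = """\
203.0.113.9 192.168.1.10 445 DROP
192.168.1.23 192.168.1.10 445 ALLOW
192.168.1.23 192.168.1.11 445 ALLOW
192.168.1.23 192.168.1.12 139 ALLOW
192.168.1.23 192.168.1.13 445 ALLOW
192.168.1.40 192.168.1.5 445 ALLOW
192.168.1.40 192.168.1.5 445 ALLOW
192.168.1.41 192.168.1.5 80 ALLOW
"""

def parse_flows(text):
    """Yield (src, dst, dport, action); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        try:
            src, dst = ip_address(parts[0]), ip_address(parts[1])
        except ValueError:
            continue
        yield src, dst, int(parts[2]), parts[3].upper()

def smb_exposure(text, lan=LAN, threshold=FANOUT_THRESHOLD):
    """Return (external flows allowed to SMB ports, internal hosts with SMB fan-out)."""
    external_allowed = []
    targets = defaultdict(set)
    for src, dst, dport, action in parse_flows(text):
        if dport not in SMB_PORTS or action != "ALLOW":
            continue
        if dst in lan and src not in lan:
            external_allowed.append((str(src), str(dst), dport))   # perimeter gap
        elif src in lan and dst in lan:
            targets[str(src)].add(str(dst))                        # LAN-to-LAN SMB
    fanout = {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}
    return external_allowed, fanout

if __name__ == "__main__":
    print(smb_exposure(SAMPLE_FLOWS))
```

An empty first result means the perimeter rule is doing its job; any entry in the second result is an internal host worth checking for patch status and infection.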
All users are urged to immediately download and install this update either by visiting Windows Update or selecting your operating system from the following website: