
Is KB958644 the critical security patch?


22 replies to this topic

#1 Lloyd T

Lloyd T

  • Members
  • 853 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:20 PM

Posted 24 October 2008 - 10:17 AM

Yesterday Automatic Updates installed KB958644 on both of my computers. Is this the critical update?

What is the virus that exploits the vulnerability?



#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:09:20 PM

Posted 24 October 2008 - 10:43 AM

Is this the critical update?

Did you see the warning at the top of the forum page when you logged in?

http://support.microsoft.com/kb/958644
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Lloyd T


Posted 24 October 2008 - 10:52 AM

Yes, I did see it, and the update was installed yesterday. I have read about the vulnerability in advance on Lavasoft's (Ad-Aware) site.

Edited by Lloyd T, 24 October 2008 - 10:56 AM.


#4 Lloyd T


Posted 24 October 2008 - 12:47 PM

How serious is this update?

#5 garmanma


Posted 24 October 2008 - 01:33 PM

Well, allowing remote code execution kind of ranks high in my book
Mark

#6 Lloyd T


Posted 24 October 2008 - 01:36 PM

Please define "remote code execution".

Are there any viruses that exploit this vulnerability?

#7 garmanma


Posted 24 October 2008 - 01:51 PM

http://en.wikipedia.org/wiki/Arbitrary_code_execution

Google is my friend :thumbsup:
Mark

#8 tswsl1989

tswsl1989

  • Members
  • 260 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cymru/Wales
  • Local time:02:20 AM

Posted 24 October 2008 - 02:01 PM

The fact that the update was released out of band indicates that Microsoft consider the security risk to be considerable. (Last happened 04/2007)
This vulnerability has the potential to be used in a similar manner as the MS Blaster worm. The risk was also enough for ISC to upgrade their threatcon to Yellow for Thursday and most of Friday, although they've reduced it to Green now that word has gone out to the wider community.
Tom

Tswsl1989
Duct tape is like the force. It has a light side, a dark side, and it holds the universe together

#9 Lloyd T


Posted 24 October 2008 - 02:12 PM

So will people with the patch be immune to a certain type of malware that directly exploits the vulnerability?

I've just read the definition of remote code execution, and it sounds pretty scary. Probably worse than Virtumonde.

#10 MowGreen

MowGreen

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:20 PM

Posted 24 October 2008 - 04:59 PM

From the Microsoft Malware Protection Center blog, posted 10/23: Get Protected, Now!

Currently, attacks try to download a trojan named n2.exe to the victim’s computer and there are now two different versions of this binary. Our products are able to detect both files as TrojanSpy:Win32/Gimmiv.A. This trojan drops another DLL that we detect as TrojanSpy:Win32/Gimmiv.A.dll. The malware deletes itself after it executes so you may not find it even on systems that were previously infected. Our products provide real-time protection that will block that malware from being copied to the hard drive


For a better understanding of the vulnerability, read the MS Security Vulnerability Research & Defense blog, posted 10/23:
More detail about MS08-067, the out-of-band netapi32.dll security update

And finally, from MS08-067 Released:

We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems that we discovered about two weeks ago through our ongoing monitoring. As we investigated these attacks we found they were utilizing a new vulnerability and initiated our Software Security Incident Response Process (SSIRP). As we analyzed the vulnerability in our SSRP process, we found that this vulnerability was potentially wormable on Windows XP and older systems. Our analysis also showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly. Based on those two factors, we felt that it was in the best interest of customers for us to release this update before the regular November release cycle. We also have detection for the malware we found used in attacks exploiting this vulnerability (TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Gimmiv.A.dll) in the signatures the MMPC is releasing today and sharing that information with our partners.

MMPC is the Microsoft Malware Protection Center
Steve Wechsler (aka MowGreen)
MS-MVP 2003-2011
Windows Expert - IT Pro
Consumer Security

*-343-* FDNY
NEVER FORGOTTEN

#11 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:20 AM

Posted 24 October 2008 - 06:31 PM

Does this security update work for Vista? I had an update today; it was just called Security Update for Windows Vista (KB958644). Is that the Microsoft Security Bulletin?

#12 MowGreen


Posted 24 October 2008 - 06:45 PM

Does this security update work for Vista? I had an update today; it was just called Security Update for Windows Vista (KB958644). Is that the Microsoft Security Bulletin?

It applies to Vista but its severity rating is Important for Vista, as opposed to Critical for XP/W2K/WS2K3.

See: Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644)
There's a full list of Affected Software on that page and pertinent information on the vulnerability.

#13 Lloyd T


Posted 24 October 2008 - 06:57 PM

Does Avira AntiVir have the definitions for the said trojan? I wouldn't want to have the trojan even if I installed the patch.

Are Windows 98 and 95 also affected or is it just the NT systems?

Note: Sorry for the small error, I forgot to add "n't" after would. I meant to say "wouldn't". Sorry everyone!

Edited by Lloyd T, 24 October 2008 - 07:38 PM.


#14 DJBPace07

DJBPace07

  • BC Advisor
  • 4,869 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:20 PM

Posted 24 October 2008 - 09:10 PM

NT-based systems include, for normal consumers, Windows 2000 and up. There are earlier NT systems like NT 4. Windows 95 and 98 are DOS-based. Judging by the knowledge base article, this patch only applies to NT-based systems. This is not a critical security patch for Vista; instead, it is considered important. This may be because of how Vista is written. Nevertheless, all users should still download and install the update.



#15 xXAlphaXx

xXAlphaXx

  • Members
  • 867 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carlona
  • Local time:09:20 PM

Posted 25 October 2008 - 10:13 AM

Oh noes!

*updates*

*runs scan with Kaspersky*

*hides*

;_; No worm plx? Don't want to reinstall network.




...on a more serious note.

This "arbitrary code execution", it's basically full access to whatever the infectors want?

Edited by xXAlphaXx, 25 October 2008 - 10:14 AM.

If I am helping you and I do not respond within 24 hours, please send me a PM. :)



