Out-of-Band Microsoft Security Bulletin

Microsoft announced an unscheduled security bulletin today at 10AM PST that they have a critical vulnerability (MS08-067) which affects Windows 2000, XP, 2K3 Server, Vista, and 2K8 operating systems. This vulnerability is a buffer overflow in the Windows Server service. The vulnerability exists in the way the Server service handles Remote Procedure Call (RPC) requests. The vulnerability allows a remote, unauthenticated attacker to send a specially crafted RPC request to take advantage of the vulnerability and gain remote code execution privileges on the victim machine. For systems running Vista and 2K8 Server, the result of the vulnerability exploit would be a system crash instead of remote code execution.

Palo Alto Networks released coverage for this Microsoft vulnerability shortly after Microsoft announced the vulnerability. Palo Alto Networks customers received a signature for this vulnerability in emergency content release version 90.

Click here to view the Microsoft Security Bulletin.