MS Windows Wormable Vulnerability, Out-of-Band Patch Released (MS08-067)
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ has received reports of exploits circulating in the wild that take advantage of a serious Windows vulnerability. Microsoft just released an out-of-band patch to address this just hours ago (see MS08-067).
The remote code execution vulnerability is found in netapi32.dll, and carries a severity rating of "Critical" by Microsoft, affecting even fully patched Windows machines. This vulnerability (CVE-2008-4250) allows malicious hackers to write a worm (self-propagating malicious code without need for any user interaction), by crafting a special RPC request. A successful exploitation would result in the complete control of victim machine.
To date, we have seen attacks installing a Trojan (Gimmiv) upon successful exploitation. At the time of this alert, only 25% of 36 anti-virus vendors could detect this malicious code. Blocking TCP ports 139 and 445 at the firewall is only a partial solution because most desktops have file/printer sharing turned on. The out-of-band patch release by Microsoft testifies to the severity of this vulnerability and the urgency for an immediate fix.