Symantec Security
Increase in Exploit Attempts Against MS08-067
Microsoft Security Bulletin MS08-067 was an out-of-band security update that was released on October 23, 2008, to address a critical remotely exploitable vulnerability that was being exploited in the wild. The Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability that was addressed
Microsoft Patch Tuesday - November 2008
Hello and welcome to this month’s blog on the Microsoft patch releases. This is a light month, with two bulletins covering four vulnerabilities.
Acrobat util.printf() Exploit Detected with Existing IPS Signatures
It appears that last night, an exploit for the Acrobat util.printf() vulnerability was added to a well-known Web attack toolkit. The attack exists as a compressed PDF. Once decompressed, the exploit is encoded with a simple eval()+concatenation block:
ActiveX File Overwrite/Delete Vulnerabilities - Continued
In a blog article from last year, I discussed the rise in popularity of exploits using ActiveX overwrite/delete vulnerabilities due to their ease of use. Since that time, we have seen over 100 such vulnerabilities.
MS08-067 Exploited in the Wild
I am sure by now that many have read about Trojan.Gimmiv exploiting the new MSRPC vulnerability. While we have not seen any evidence of Gimmiv replicating by itself, we analyzed a second component, related to Gimmiv, which is able to exploit the vulnerability patched on Wednesday.
Tracking MS08-067
This morning Microsoft released an out-of-band security update - MS08-067 - for a vulnerability in the Server service. This issue is tracked as BugTraq ID 31874. This issue affects all supported versions of the Windows operating system.
Web Attacks Using Microsoft Help and Support Center Viewer
The Symantec DeepSight Threat Analysis team recently observed an interesting attack development related to a known vulnerability type. This seemingly new technique allows attackers to execute a malicious payload immediately on a victim's system, where in the past they weren't able to achieve instant code execution by exploiting such vulnerabilities.
Microsoft Patch Tuesday for October 2008
Hello and welcome to this month’s blog on the Microsoft patch releases. This is another fairly heavy month, with 11 bulletins covering 20 vulnerabilities.
Recent Microsoft Vulnerability Exploited in the Wild
Not surprisingly, attackers are again targeting vulnerabilities from the latest set of Microsoft Security Bulletins. This time around, it is the Microsoft Media Encoder ActiveX overflow patched in MS08-053. This attack chronology is another example of the rapid adoption of public exploits into widely deployed exploit toolkits.
Microsoft Patch Tuesday for September 2008
All of the vulnerabilities this month are client-side issues rated "critical." Five of the issues affect the GDI+ graphics library; the rest affect Media Player, Microsoft Office, and Media Encoder. All of the issues have the potential to see active exploits, but the GDI+ vulnerabilities have the most avenues of attack and affect the most systems. The OneNote protocol handler vulnerability is fairly trivial to exploit.
Cisco WebEx Meeting Manager Drive-By Exploit
On August 20, our honeypots began to receive attacks against the Cisco WebEx Meeting Manager vulnerability. This August 6 vulnerability exists in the ActiveX control used by WebEx to permit users to participate in meetings via Internet Explorer. Users running the vulnerable version of the WebEx control who happened upon a Web site distributing the exploit would become infected. The first exploits that we have seen so far have been served via gaming sites that have had the exploit package injected into them.
Microsoft Patch Tuesday for August 2008
Hello and welcome to this month’s blog on the Microsoft patch releases. This is one of the largest releases with 11 bulletins covering 26 vulnerabilities. Seventeen of the vulnerabilities are client-side issues rated “critical;” the remaining nine are rated “important.”
All Content is Copyrighted 2008 Novation Networks LLC. Any images, content or design taken from this website and found will be prosecuted to the fullest extent of the law.
