I was stuck in meetings today and didn’t get a chance to write much more than I did earlier.
Just some quick notes on MS08-067.
– We have samples in-house of the trojans in-the-wild that are being used in targeted attacks, taking advantage of this exploit. These are currently only targeted attacks, not being used broadly by malware authors.
– It is not a light thing. The urgency is quite real: unpatched, you’ve got the spectre of another SQL Slammer or Code Red type of scenario if the malware writers create a worm. The other issue with this patch is that it affects a broad range of systems (XP, Windows 2000 and 2003; the Vista/2008 platform isn’t at the same level of risk).
– It is an extraordinary event that pushes Microsoft to do an out-of-band update. This is a big deal for them — each update is tested on a vast number of machines. It underscores the potential seriousness of this vulnerability.
Patch like hell and let’s hope everything will be ok in the morning.