Out Of Band Patch:

Just hit WU and it was the only patch/update there, installed and rebooted, done.

Thanks for the heads up...
 
Interestingly, this patch is rated critical for XP, but only important for Vista/2008. Just goes to show how Vista has been improved, security-wise.
 
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Regarding Vista, according to this "This vulnerability is not liable to be triggered if the attacker is not authenticated." Not that it's impossible. I guess the reasoning is that you'd have to piggyback this attack on an authentication attack.

That said, 10 years ago, Microsoft was a laughing stock when it came to security and today they are a lot better without doubt.
 
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Regarding Vista, according to this "This vulnerability is not liable to be triggered if the attacker is not authenticated." Not that it's impossible.

From MS's more in-depth security blog "Security Vulnerability Research & Defense", http://blogs.technet.com/swi/.

The following is from the section, "UAC mitigates even when the prompting is disabled"

"There is a non-default scenario where a non-domain-joined Windows Vista and Windows Server 2008 can be exploited anonymously. If the feature “Password Protected Sharing” is disabled, anonymous connections come in at “Medium” integrity level. Because "Medium" integrity level is a higher integrity level than "Low", the integrity level check will succeed. "

If your machine is part of a domain, or if you don't have "Password protected sharing disabled", the attacker must successfully authenticate to the machine to exploit it if you are using Vista or Windows 2008 server, even if UAC prompts are disabled.
 