Thursday, October 23, 2008

Out-of-cycle patch from Microsoft

Microsoft released MS08-067 as an emergency patch today. The Internet Storm Center has more information.

The big question I always ask with any MS patch is: is it 'wormable'? Could a self-propagating worm be written to exploit this vulnerability, and automatically infect remote systems? We haven't had a widespread one in a few years (going back to the Blaster and Sasser outbreaks).

Based on the patch MS08-067 replaces, MS06-040, my thinking is 'probably wormable'. A variant of the Mocbot bot/worm exploited MS06-040.

My advice: patch now.
