New Microsoft Server Service Remote Code Execution Vulnerability (MS08-067)

Overview

Check Point has confirmed a new attack vector related to this previously-announced critical vulnerability. An important SmartDefense update is available to protect against this type of attack.

Details

The vulnerability (CVE-2008-4250) was announced October 23, 2008 in a special, out-of-band, Microsoft Security Bulletin (MS08-067) and affects users of Microsoft Windows based desktops, laptops, and servers (see the full list of vulnerable products). The vulnerability is caused by the Windows Server Service improperly handling specially crafted Remote Procedure Call (RPC) requests.

Protection

An important enhancement to the original SmartDefense Services Update that was released for this vulnerability (on October 23) is now available. The enhancement provides additional protection by enabling SmartDefense to detect and block this recently-confirmed attack vector. Check Point strongly encourages SmartDefense Services users who have not patched this vulnerability to update as soon as possible.

For more information, refer to CPAI-2008-158.