=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN459
_____________________________________________________________________

DATE                      : 24/10/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Microsoft Windows 2000, Windows XP, Windows
                            Server 2003, Windows Vista,
                            Windows Server 2008 running Server Service.

======================================================================
KB958644
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-067  Critical

Vulnerability in Server Service Could Allow Remote Code Execution (958644)

   Published: October 23, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves a privately reported vulnerability in
   the Server service. The vulnerability could allow remote code
   execution if an affected system received a specially crafted RPC
   request. On Microsoft Windows 2000, Windows XP, and Windows Server
   2003 systems, an attacker could exploit this vulnerability without
   authentication to run arbitrary code. It is possible that this
   vulnerability could be used in the crafting of a wormable exploit.
   Firewall best practices and standard default firewall configurations
   can help protect network resources from attacks that originate
   outside the enterprise perimeter.

   This security update is rated Critical for all supported editions of
   Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated
   Important for all supported editions of Windows Vista and Windows
   Server 2008.

   The security update addresses the vulnerability by correcting the way
   that the Server service handles RPC requests.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

Vulnerability Information

Server Service Vulnerability - CVE-2008-4250

   A remote code execution vulnerability exists in the Server service on
   Windows systems. The vulnerability is due to the service not properly
   handling specially crafted RPC requests. An attacker who successfully
   exploited this vulnerability could take complete control of an
   affected system.

Workarounds for Server Service Vulnerability - CVE-2008-4250

   Disable the Server and Computer Browser services
   On Windows Vista and Windows Server 2008, filter the affected RPC
   identifier Block TCP ports 139 and 445 at the firewall
   To help protect from network-based attempts to exploit this
   vulnerability, use a personal firewall, such as the Internet
   Connection Firewall.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================