Microsoft Releases Emergency Critical Patch

Dear Clients & Associates

Please read this notice and/or forward it to the appropriate person.

Subject: Microsoft Releases Emergency Critical Patch

Microsoft issued an emergency critical update Thursday (10-23-08) addressing a malicious Internet worm that could allow attackers to infiltrate systems remotely and take control over users' computers without any user interaction.

Typically, Microsoft issues regularly scheduled updates on the second Tuesday of every month. The fact they released what is known as an "out-of-band" patch indicates that they believe the vulnerability could be severe.

This vulnerability, which affects almost every Windows operating system, is rated critical for multiple versions of Windows 2000, XP and Server 2003, but is given the less severe rating of "important" for Vista and Server 2008.

If left unpatched, this vulnerability could allow remote attackers to infiltrate systems in order to take control of users' computers and steal data without any contact with a user. Once a machine is infected, it has the ability to rapidly spread to other vulnerable computers within the network.

While all of TrustPoints Support Clients are protected by internet firewalls and End-Point Security Software, we haven’t seen any information on the possible vectors of attack. We don’t know if the current exploits were direct, or if they were delivered via web-browsing, email, instant messenger, etc. And we certainly can’t be sure about the status of PCs that are brought into the office from the outside. Once an infected machine is on the network, it will attempt to infect others.

We typically test any updates first, because on occasion a Microsoft update can cause issues with a system in general and application software in particular. In this case, we will be updating all server and workstations asap. If you are not a Support Client or you don’t keep up on patches, we suggest you consider applying at least this one patch as soon as possible. If you are concerned about your application software, please contact their support staff or website for information. Please be advised that some Microsoft Patches will require a reboot of the system to finalize installation.

If you have any questions on this issue, how it applies to your environment or how to apply the patch, please contact your assigned Engineer, our HelpDesk at 440-325-2102 or me directly at 440-325-2101.

For more information on this vulnerability please visit:

http://www.sophos.com/support/knowledgebase/article/47804.html

http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx


Regards,

Dave

440-325-2101