View Full Version : SO, I just got this e-mail from my Hotmail account

October 24th, 2008, 09:04 PM
Buenos Aires on October 24, 2008

Yesterday, as part of its commitment to the security of users and customers in order to protect them from potential attacks, Microsoft released a security update on a vulnerability in all supported versions of Windows. This resolves a vulnerability found by the company as part of normal procedures of supervision and monitoring on security.

Microsoft learned of these attacks against Windows XP in the past two weeks. As this threat was detected, an investigation was opened. The results indicated that there were limited and targeted attacks by a new vulnerability that was discovered in the Windows platform. In the meantime, we began the process of Incident Response Security Software Microsoft to investigate this issue and developed a security update to attend.

The effects of this vulnerability allows remote code execution if a user receives a package designed especially for the attack. In Windows 2000, Windows XP and Windows Server 2003, the attacker can exploit this vulnerability without authentication to run arbitrary code. It may be possible to use this vulnerability in the development of a worm. Within Windows Vista and Windows Server 2008, the vulnerability has a lower probability of occurrence, because it can only be exploited by a package authenticated, the User Account Control (UAC) and User Account Control and Windows firewall. That is, the architecture of enhanced security in Windows Vista reduces the likelihood of a successful exploitation of the vulnerability.

The security update MS08-067 is classified with a maximum level of "Critical" for Windows systems and it is very important to ensure the following steps to protect yourself:

* Run Windows Update and install Security Update no. KB958644
* Enable a firewall, turn on the Automatic Updates and install an antivirus software
* Find more information in order to remain protected: http://www.microsoft.com/latam/seguridad/default.aspx

We would also like to recommend continuing the practice of responsible disclosure of vulnerabilities, it is commonly accepted and that will help us to assure complete updates and high quality for security vulnerabilities by reducing the risk of exposure to malicious attackers.
With this timely response from the Center for Security Incident Response Software from Microsoft and its support, we can prevent unintended consequences

Thank you very much for your attention
Microsoft Argentina
(sorry if the text is difficult to comprend, I translated it from Spanish using Google translate)

So, it seems that there have been attacks on Windows XP some time ago, Microsoft "found out" two weeks ago and today they released the patch. It also says that I should change to Windows Vista because of its architecture of enhanced security, that makes the bug less occurrent (thought not inexistent).

This is why I love Linux.

October 24th, 2008, 09:10 PM
Yeah, I'm so glad to have waved goodbye to all that crap and paranoia.


October 24th, 2008, 09:11 PM

This says that it affects vista too.

October 24th, 2008, 09:13 PM
Microsoft learned of these attacks against Windows XP in the past two weeks

They only just found out, eh? Good to see they've got their eye on the ball...