US-CERT: United States Computer Emergency Readiness Team
National Cyber Alert System
Cyber Security Alert SA08-297A
Last revised: --
Source: US-CERT
Last updated October 24, 2008
Cyber Security Alert SA08-297A
Microsoft Windows Server Service Vulnerability
Original release date: October 23, 2008Last revised: --
Source: US-CERT
Systems Affected
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Vista
Overview
Microsoft has released updates that address a vulnerability in Microsoft Windows 2000, Windows XP, and Windows Vista.
Solution
Install updates
Microsoft has released updates to address this vulnerability. The updates are available on the Microsoft Update site. We recommend enabling Automatic Updates.
Description
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash. Since the Server service runs with SYSTEM privileges, an attacker could take complete control of a vulnerable system.
References
- US-CERT Vulnerability Note VU#827267 - <http://www.kb.cert.org/vuls/id/827267>
- Microsoft Security Bulletin MS08-067 - <http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx>
- Microsoft Update - <https://update.microsoft.com/>
- Windows Update: Automatic Update <http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx>
Feedback can be directed to US-CERT.
Produced 2008 by US-CERT, a government organization. Terms of use
Revision History
October 23, 2008: Initial release
Get Adobe Reader