Thursday, October 23, 2008

Security providers busy with MS08-067 emergency release

Microsoft released the emergency MS08-067 patch to the public out of cycle on 23-Oct-08, which has kept several security providers such as Symantec, McAfee, Sophos, Trend Micro and others busy updating their advisory pages for this patch. Some of them may also be updating their security products with signatures or detection coverage for it.

Basically, this critical vulnerability is exploited over an SMB/RPC session. It allows remote code execution if an affected system receives a specially crafted RPC request. A fully patched system with the firewall enabled by default is protected from this kind of attack; however, according to the Microsoft Security Vulnerability Research and Defense blog, this does not cover the following conditions, which could expose the RPC endpoint:
- Firewall is disabled
- Firewall is enabled, but file and printer sharing is enabled

You can read more details at:
  1. http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
  2. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
  3. http://www.symantec.com/security_response/threatconlearn.jsp
  4. http://www.trendmicro.com/vinfo/zh-cn/secadvisories/default6.asp?VName=(MS08-067)+Vulnerability+in+Server+Service+Could+Allow+Remote+Code+Execution+(958644)
  5. http://www.sophos.com/security/blog/2008/10/1878.html?_log_from=rss
  6. http://www.frsirt.com/english/advisories/2008/2902
