According to the Sunbelt blog, they have copies of the current Trojans.

From Rod's post to the list:
http://sunbeltblog.blogspot.com/2008/10/just-some-comments-on-ms08-067.html
" Thursday, October 23, 2008
Just some comments on MS08-067

I was stuck in meetings today and didn't get a chance to write much more than I did earlier. Just some quick notes on MS08-067.

- We have samples in-house of the trojans in-the-wild that are being used in targeted attacks, taking advantage of this exploit. These are currently only targeted attacks, not being used broadly by malware authors.
- It is not a light thing. The urgency is quite real - unpatched, you've got the spectre of another SQL Slammer, Code Red type of scenario if the malware writers create a worm. The other issue with this patch is that it affects a broad number of systems (XP, Windows 2000 and 2003 -- the Vista/2008 platform isn't at the same level of risk).
- It is an extraordinary event that pushes Microsoft to do an out-of-band update. This is a big deal for them - each update is tested on a vast number of machines. It underscores the potential seriousness of this vulnerability.

Patch like hell and let's hope everything will be ok in the morning.

Alex Eckelbery
posted by Sunbelt Software Blog at 4:40 PM | Permalink"

- John Barsodi

-----Original Message-----
From: Liu, David [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2008 2:17 PM
To: NT System Admin Issues
Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned

Has anyone spoken about the attack vector(s) or seen any reports from reputable AV vendors re: live specimen of this bugger?

> -----Original Message-----
> From: Barsodi.John [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 5:16 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> They have their own testing of each patch. Kind of like a safety, in
> case it blows something up.
>
> - John Barsodi
>
> -----Original Message-----
> From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:14 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> Why won't Shavlik release it to you for 6 hours?
>
> -----Original Message-----
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 3:03 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> 75 servers patched no issues,
> ( going to be here most of the night since Shavlik won't release the
> patch to me until 6 hrs from now, so it's manual patchin)
>
> Hell yeah it's super-important
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> -----Original Message-----
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 4:59 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> 180 servers and counting...no issues.
>
> Obviously, _I_ think it's important...
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
> -----Original Message-----
> From: Sam Cayze [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 4:52 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> Yikes, this even affects Win 2008 CORE?!?!
>
> Thanks for the info on deadlines :)
>
> Sam
>
> -----Original Message-----
> From: Tim Vander Kooi [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:59 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> It also overcomes the issue of any users that may have admin
> privileges.
> Without a Deadline set, they can continue to select install later when
> prompted that updates are available.
> Of course none of us EVER let anyone on our networks run with admin
> rights. ;-)
> TVK
>
> -----Original Message-----
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:55 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> I set that on my template in Shavlik, if you don't reboot it's going to
> force reboot you and u don't have a choice, nor can they kill the
> service, either.
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> -----Original Message-----
> From: Sam Cayze [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 3:45 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> Soo... What's this whole 'Deadline' thing in WSUS, is this one of those
> times to use it? Does it override users procrastinating about
> installs/reboots?
>
> No biggie, I can google it too, but if you have thoughts to share, it
> would be nice.
>
> S
>
> -----Original Message-----
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:12 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> LOL this whole scenario is wrong: () Git-Er-Done and let's get patchin
> :)
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> -----Original Message-----
> From: Phil Thompson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 3:09 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> My mistake.. I like your saying, I'll have to use that some time.
>
> -----Original Message-----
> From: Carl Houseman [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 3:07 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> I can click on "Windows XP Service Pack 3" in that bulletin and I am
> taken to a download page for the update.
> Same for WS03 SP2.
>
> Please don't insist on being wrong.
>
> Carl
>
> -----Original Message-----
> From: Phil Thompson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:43 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
>
> Phil
>
> -----Original Message-----
> From: Carl Houseman [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:33 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> Q: How did you come to that conclusion?
>
> A: You're looking at the "bulletins replaced by" column.
>
> Reading is fundamental..
>
> -----Original Message-----
> From: Phil Thompson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:27 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> Must not affect W03 sp2 or XP sp3, there's no update for them..
>
> Phil
>
> -----Original Message-----
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 1:58 PM
> To: NT System Admin Issues
> Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned
>
> It's out and it's NASTY//
>
> MS08-067, publicly being exploited right now, unauthenticated remote
> code execution against the server service, smells like a network worm
> with mass exploitation vulnerabilities to me.
>
> Happy patch Thursday, just hope you don't get hacked by Friday...
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
