Hmm - I check MS06-040 again, and I don't think they are the same "type" of issue.
The current bug is in the NetCanonicalize API - not in the Server service. It's just that the server service is a route to get to that bug - because it calls that API. But it's entirely possible for /other/ applications to also call that API. Just use Process Explorer, and see how many applications are using Netapi32.dll - I think you'll find it's a lot. Any of these /might/ also call that API, and become a vector for compromise. Cheers Ken > -----Original Message----- > From: Ken Schaefer [mailto:[EMAIL PROTECTED] > Sent: Monday, 27 October 2008 9:28 AM > To: NT System Admin Issues > Subject: RE: Out of Cycle Critical Windows Patch ? > > According to the SDL blog, this is why this particular issue is not easy to > discover, especially using automated analysis: > http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx > > Cheers > Ken > > > -----Original Message----- > > From: Ziots, Edward [mailto:[EMAIL PROTECTED] > > Sent: Monday, 27 October 2008 12:45 AM > > To: NT System Admin Issues > > Subject: RE: Out of Cycle Critical Windows Patch ? > > > > Yeah someone lit a fire under MSFT arse and they got with the program on > > this one, but only after they detected systems getting exploited in the > > wild. Why they didn't determine this flaw back when they patched 06-040 > > for the same type of issue we probably will never know... > > > > Z > > > > Edward E. Ziots > > Network Engineer > > Lifespan Organization > > MCSE,MCSA,MCP,Security+,Network+,CCA > > Phone: 401-639-3505 > > > > -----Original Message----- > > From: Kurt Buff [mailto:[EMAIL PROTECTED] > > Sent: Friday, October 24, 2008 8:08 PM > > To: NT System Admin Issues > > Subject: Re: Out of Cycle Critical Windows Patch ? > > > > Taking this in a slightly different direction... > > > > I told the IT Director and COO yesterday that I was patching all > > servers, and sending an email to all of the laptop users to do the > > same. > > > > They were a bit skeptical, but not only did the emails that I > > forwarded them from various lists buttress my opinion, this morning I > > got forwarded a voicemail by the IT Director, from a rep at MSFT. Gist > > of the message - MSFT is taking this extremely seriously, and you > > should patch now. > > > > Director's comments was "nice job, good of you to jump on this." > > > > Anyone else get a call like this from MSFT? It's the first time I've > > heard of them doing this, and I take it as a really good sign - MSFT > > is finally getting the real clue about this stuff. > > > > Kurt > > > > On Fri, Oct 24, 2008 at 3:52 AM, Oliver Marshall > > <[EMAIL PROTECTED]> wrote: > > > Chaps, > > > > > > The update that was sent out last night, has that caused any issues > > > elsewhere? We've had a spate of calls from users about problems today, > > > several servers which were set to auto-update for various reasons have > > > had varying levels of failure. It's mentally busy here for a Friday, > > and > > > the one thing they have in common is that all the machine rebooted for > > > an update last night. > > > > > > Is it just us ? > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
