Microsoft out-of-band Security Bulletin Release

Apparently Microsoft is releasing an out-of-band security bulletin tomorrow. The only information I can glean is that it’s Critical (obviously), it involves Windows (almost as obvious, but I guess it could have been IIS or SQL instead of the OS), and it involves remote code execution.

Anyone have any insights? Details? Rumors?

Microsoft is not in the habit of doing out-of-band releases – I don’t remember them ever doing one.

What do you mean by ‘out-of-band’? Not through the usual channels?

Microsoft has a usual method and schedule for releasing security bulletins and patches. This is outside that schedule. It’s unusual enough that they’re doing a webcast this afternoon to explain the issue, apparently – registration for which is already full.

He means that the security patch isn’t being released on Microsoft’s Patch Tuesday (2nd Tuesday of each month). These “out-of-band” releases are always done to fix critical vulnerabilities that are already being exploited.

This patch seems to relate to SMB (Windows file sharing).

See link for slightly more detail: http://www.intelliadmin.com/blog/2008/10/smb-vulnerablity-found-emergency-patch.html

Ah, okay, thanks. The linked article described it as an ‘out-of-cycle’ release, which is a clearer expression. To me, ‘out of band’ means through a different medium or channel than usual, not at a different time.

But that alert addresses an existing patch: MS08-063.

Ooh, this looks like a bad one. Reading between the lines of this and this, it looks like any Windows computer that has file sharing enabled is vulnerable. And by vulnerable, I mean “attackers can do pretty much anything to your machine.” Given the huge numbers of computers that use file shares, it’s no wonder MS is publishing an out-of-cycle patch.

::shrugs::

Here is another article with some more detail about the patch… Apparently it has to do with the Windows Server service.

I’m updating, but I don’t feel too worried myself, because I’m assuming that the attacker would need to have SMB visibility to the computer. Neither my ISP nor my home router lets SMB through, I believe - I use it internally on my home network, but that’s it. (And the wireless on the router is disabled.)

Gonna mention it to the IT guy here at work.

What time of day do they release the updates? I’m thinking it would be good for ME to install updates on the second Wednesday since I do it early in the morning (converts to 1pm GMT)