Very serious patch came out from Microsoft today. Unless you are running Vista or Windows Server 2008 anyone, and I mean anyone, who can touch the RPC port on your machine can hurt you. Be safe, go to Microsoft or Windows Update and update your machines now. Or if you are an IT type you know what you need to do in your organization.
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
UPDATE:
http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx – According to this MSFT first started seeing this vulnerability being used 2 weeks ago!!!! That is how they detected it. PATCH PATCH PATCH.
CLARIFICATION: Note that Vista and Windows Server 2008 are vulnerable to AUTHENTICATED USERS, this is better than the full anonymous access that the other versions of the OS are vulnerable to but you still need to patch. So if you are trying to prioritize, everything pre-Vista goes first because ANYONE can touch them. Then Vista/K8 because only authenticated users can attack those and that is a little better. Note though there is one circumstance where anonymous works on Vista/K8. If the machine isn’t in a domain and you have password protected sharing enabled. This blog post can give more detail. http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
I think you meant “even if you are running Vista or Windows Server 2008” didn’t you?
Recommendation is that you should patch those OS’s as well.
Good post Joe, and thanks for all the traffic on activedir about this patch. Most people heed your advice so I’m sure there will be a lot of patching based on your posts today.