wow makasih pak atas infonya, sangat bermanfaat.
On 10/24/08, �暧疴� (Ryo Saeba) <[EMAIL PROTECTED]> wrote:
> ada critical patch yang baru banget dirilis.
>
> http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
>
> TechNet Home <http://technet.microsoft.com/> > TechNet
> Security<http://technet.microsoft.com/security/default.aspx>>
> Bulletins <http://www.microsoft.com/technet/security/current.aspx>
> Microsoft Security Bulletin MS08-067 �C CriticalVulnerability in Server
> Service Could Allow Remote Code Execution (958644) Published: October 23,
> 2008
>
> *Version:* 1.0
> General InformationExecutive Summary
>
> This security update resolves a privately reported vulnerability in the
> Server service. The vulnerability could allow remote code execution if an
> affected system received a specially crafted RPC request. On Microsoft
> Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could
> exploit this vulnerability without authentication to run arbitrary code. It
> is possible that this vulnerability could be used in the crafting of a
> wormable exploit. Firewall best practices and standard default firewall
> configurations can help protect network resources from attacks that
> originate outside the enterprise perimeter.
>
> This security update is rated Critical for all supported editions of
> Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important
> for all supported editions of Windows Vista and Windows Server 2008. For
> more information, see the subsection, *Affected and Non-Affected Software*,
> in this section.
>
> The security update addresses the vulnerability by correcting the way that
> the Server service handles RPC requests. For more information about the
> vulnerability, see the Frequently Asked Questions (FAQ) subsection for the
> specific vulnerability entry under the next section, *Vulnerability
> Information*.
>
> *Recommendation.* Microsoft recommends that customers apply the update
> immediately.
>
> *Known Issues.* None
> [image: Top of
> section]<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx#ENB>Top
> of
> section<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx#ENB>
> Affected and Non-Affected Software
>
> The following software have been tested to determine which versions or
> editions are affected. Other versions or editions are either past their
> support life cycle or are not affected. To determine the support life cycle
> for your software version or edition, visit Microsoft Support
> Lifecycle<http://go.microsoft.com/fwlink/?LinkId=21742>
> .
>
> *Affected Software*
> Operating SystemMaximum Security ImpactAggregate Severity Rating Bulletins
> Replaced by this Update
>
> Microsoft Windows 2000 Service Pack
> 4<http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2-9775-6F43C5C2AED3>
>
> Remote Code Execution
>
> Critical
>
> MS06-040 <http://go.microsoft.com/fwlink/?LinkId=70299>
>
> Windows XP Service Pack
> 2<http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03>
>
> Remote Code Execution
>
> Critical
>
> MS06-040 <http://go.microsoft.com/fwlink/?LinkId=70299>
>
> Windows XP Service Pack
> 3<http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03>
>
> Remote Code Execution
>
> Critical
>
> None
>
> Windows XP Professional x64
> Edition<http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25>
>
> Remote Code Execution
>
> Critical
>
> MS06-040 <http://go.microsoft.com/fwlink/?LinkId=70299>
>
> Windows XP Professional x64 Edition Service Pack
> 2<http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25>
>
> Remote Code Execution
>
> Critical
>
> None
>
> Windows Server 2003 Service Pack
> 1<http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D>
>
> Remote Code Execution
>
> Critical
>
> MS06-040 <http://go.microsoft.com/fwlink/?LinkId=70299>
>
> Windows Server 2003 Service Pack
> 2<http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D>
>
> Remote Code Execution
>
> Critical
>
> None
>
> Windows Server 2003 x64
> Edition<http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400>
>
> Remote Code Execution
>
> Critical
>
> MS06-040 <http://go.microsoft.com/fwlink/?LinkId=70299>
>
> Windows Server 2003 x64 Edition Service Pack
> 2<http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400>
>
> Remote Code Execution
>
> Critical
>
> None
>
> Windows Server 2003 with SP1 for Itanium-based
> Systems<http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF>
>
> Remote Code Execution
>
> Critical
>
> MS06-040 <http://go.microsoft.com/fwlink/?LinkId=70299>
>
> Windows Server 2003 with SP2 for Itanium-based
> Systems<http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF>
>
> Remote Code Execution
>
> Critical
>
> None
>
> Windows Vista and Windows Vista Service Pack
> 1<http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21>
>
> Remote Code Execution
>
> Important
>
> None
>
> Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack
> 1<http://www.microsoft.com/downloads/details.aspx?familyid=A976999D-264F-4E6A-9BD6-3AD9D214A4BD>
>
> Remote Code Execution
>
> Important
>
> None
>
> Windows Server 2008 for 32-bit
> Systems<http://www.microsoft.com/downloads/details.aspx?familyid=25C17B07-1EFE-43D7-9B01-3DFDF1CE0BD7>
> *
>
> Remote Code Execution
>
> Important
>
> None
>
> Windows Server 2008 for x64-based
> Systems<http://www.microsoft.com/downloads/details.aspx?familyid=7B12018E-0CC1-4136-A68C-BE4E1633C8DF>
> *
>
> Remote Code Execution
>
> Important
>
> None
>
> Windows Server 2008 for Itanium-based
> Systems<http://www.microsoft.com/downloads/details.aspx?familyid=2BCF89EF-6446-406C-9C53-222E0F0BAF7A>
>
> Remote Code Execution
>
> Important
>
> None
>
> **Windows Server 2008 server core installation affected.* For supported
> editions of Windows Server 2008, this update applies, with the same severity
> rating, whether or not Windows Server 2008 was installed using the Server
> Core installation option. For more information on this installation option,
> see Server
> Core<http://msdn.microsoft.com/en-us/library/ms723891%28VS.85%29.aspx>.
> Note that the Server Core installation option does not apply to certain
> editions of Windows Server 2008; see Compare Server Core Installation
> Options<http://www.microsoft.com/windowsserver2008/en/us/compare-core-installation.aspx>
> .
> [image: Top of
> section]<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx#ECC>Top
> of
> section<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx#ECC>
> Frequently Asked Questions (FAQ) Related to This Security Update
>
> *Where are the file information details?*
> The file information details can be found in Microsoft Knowledge Base
> Article 958644 <http://support.microsoft.com/kb/958644>.
>
> *Is the Windows 7 Pre-Beta release affected by this vulnerability?*
> Yes. This vulnerability was reported after the release of Windows 7
> Pre-Beta. Customers running Windows 7 Pre-Beta are encouraged to download
> and apply the update to their systems. On Windows 7 Pre-Beta systems, the
> vulnerable code path is only accessible to authenticated users. This
> vulnerability is not liable to be triggered if the attacker is not
> authenticated, and therefore would be rated Important.
>
> Security updates are available from Microsoft
> Update<http://go.microsoft.com/fwlink/?LinkID=40747>,
> Windows Update <http://go.microsoft.com/fwlink/?LinkId=21130>, and Office
> Update <http://go.microsoft.com/fwlink/?LinkId=21135>. Security updates are
> also available from the Microsoft Download
> Center<http://go.microsoft.com/fwlink/?LinkId=21129>.
> You can find them most easily by doing a keyword search for "security
> update."
>
> *I am using an older release of the software discussed in this security
> bulletin. What should I do?*
> The affected software listed in this bulletin have been tested to determine
> which releases are affected. Other releases are past their support life
> cycle. To determine the support life cycle for your software release,
> visit Microsoft
> Support Lifecycle <http://go.microsoft.com/fwlink/?LinkId=21742>.
>
> It should be a priority for customers who have older releases of the
> software to migrate to supported releases to prevent potential exposure to
> vulnerabilities. For more information about the Windows Product Lifecycle,
> visit Microsoft Support
> Lifecycle<http://go.microsoft.com/fwlink/?LinkId=21742>.
> For more information about the extended security update support period for
> these software versions or editions, visit Microsoft Product Support
> Services <http://go.microsoft.com/fwlink/?LinkId=33328>.
>
> Customers who require custom support for older releases must contact their
> Microsoft account team representative, their Technical Account Manager, or
> the appropriate Microsoft partner representative for custom support options.
> Customers without an Alliance, Premier, or Authorized Contract can contact
> their local Microsoft sales office. For contact information, visit Microsoft
> Worldwide Information <http://go.microsoft.com/fwlink/?LinkId=33329>, select
> the country, and then click *Go* to see a list of telephone numbers. When
> you call, ask to speak with the local Premier Support sales manager. For
> more information, see the Windows Operating System Product Support Lifecycle
> FAQ <http://go.microsoft.com/fwlink/?LinkId=33330>.
> [image: Top of
> section]<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx#ECCAC>Top
> of
> section<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx#ECCAC>
> Vulnerability Information Severity Ratings and Vulnerability
> Identifiers Vulnerability
> Severity Rating and Maximum Security Impact by Affected Software Affected
> SoftwareServer Service Vulnerability - CVE-2008-4250Aggregate Severity
> Rating
>
> Microsoft Windows 2000 Service Pack 4
>
> *Critical*
> Remote Code Execution
>
> *Critical*
>
> Windows XP Service Pack 2 and Windows XP Service Pack 3
>
> *Critical*
> Remote Code Execution
>
> *Critical*
>
> Windows XP Professional x64 Edition and Windows XP Professional x64 Edition
> Service Pack 2
>
> *Critical*
> Remote Code Execution
>
> *Critical*
>
> Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
>
> *Critical*
> Remote Code Execution
>
> *Critical*
>
> Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service
> Pack 2
>
> *Critical*
> Remote Code Execution
>
> *Critical*
>
> Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server
> 2003 with SP2 for Itanium-based Systems
>
> *Critical*
> Remote Code Execution
>
> *Critical*
>
> Windows Vista and Windows Vista Service Pack 1
>
> *Important*
> Remote Code Execution
>
> *Important*
>
> Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
>
> *Important*
> Remote Code Execution
>
> *Important*
>
> Windows Server 2008 for 32-bit Systems*
>
> *Important*
> Remote Code Execution
>
> *Important*
>
> Windows Server 2008 for x64-based Systems*
>
> *Important*
> Remote Code Execution
>
> *Important*
>
> Windows Server 2008 for Itanium-based Systems
>
> *Important*
> Remote Code Execution
>
> *Important*
>
> **Windows Server 2008 server core installation affected.* For supported
> editions of Windows Server 2008, this update applies, with the same severity
> rating, whether or not Windows Server 2008 was installed using the Server
> Core installation option. For more information on this installation option,
> see Server
> Core<http://msdn.microsoft.com/en-us/library/ms723891%28VS.85%29.aspx>.
> Note that the Server Core installation option does not apply to certain
> editions of Windows Server 2008; see Compare Server Core Installation
> Options<http://www.microsoft.com/windowsserver2008/en/us/compare-core-installation.aspx>
> .
>
> --
> things left unsaid, http://ryosaeba.wordpress.com
> maxgain scams, http://maxgain.wordpress.com
>
>
> [Non-text portions of this message have been removed]
>
>
> ------------------------------------
>
> --
> www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia
> Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED]
>
> Yahoo! Groups Links
>
>
>
>
------------------------------------
--
www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia
Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED]
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ITCENTER/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/ITCENTER/join
(Yahoo! ID required)
<*> To change settings via email:
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
