Re: <<Vulnerability in Server Service Could Allow Remote Code Execution >>



For what it's worth, we let all of our servers reboot automatically after patch installation.

Don't get me wrong - it's not like we just turn on automatic updates to install & reboot every night. We put patches through internal testing before approving for deployment to production systems, but once they're approved for deployment we let all systems install and reboot automatically during the next scheduled patch window.

We used to be a bit paranoid and manually reboot servers, but that approach doesn't scale well. With several hundred servers to patch, it's just not feasible to log in and reboot each one manually. Simply put, over time the cost of dealing with the occasional issue that may crop up from an automated patch install & reboot is significantly lower than the labor cost of manually rebooting all those systems every month.

--

Chad A. Gross
http://www.msmvps.com/blogs/cgross

"Gary J. Dikkema" <gary_d@xxxxxxx> wrote in message news:uDohZetNJHA.1172@xxxxxxxxxxxxxxxxxxxxxxx
Why would you TRUST a hotfix with performing a REBOOT?

Makes NO sense to me...



"Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:%23zJ88%23WNJHA.2760@xxxxxxxxxxxxxxxxxxxxxxx
Susan Bradley <sbradcpa@xxxxxxxxxxx> wrote:
Susan Bradley wrote:
Lanwench [MVP - Exchange] wrote:
Dave Nickason [SBS MVP] <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote:
FYI, I have installed this update on my SBS 2003 and a WS03 64-bit
member server, with no unexpected results in either case. It does
require a reboot.

You can run it with /norestart :-)

"Susan Bradley" <sbradcpa@xxxxxxxxxxx> wrote in message
news:%23iRgwKTNJHA.276@xxxxxxxxxxxxxxxxxxxxxxx
This security update resolves a privately reported vulnerability
in the Server service. The vulnerability could allow remote code
execution if an affected system received a specially crafted RPC
request. On Microsoft Windows 2000, Windows XP, and Windows Server
2003 systems, an attacker could exploit this vulnerability without
authentication to run arbitrary code. It is possible that this
vulnerability could be used in the crafting of a wormable exploit.
Firewall best practices and standard default firewall
configurations can help protect network resources from attacks
that originate outside the enterprise perimeter. This security
update is rated Critical for all supported editions of
Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated
Important for all supported editions of Windows Vista and Windows
Server 2008. For more information, see the subsection, *Affected
and Non-Affected Software*, in this section.

The security update addresses the vulnerability by correcting the
way that the Server service handles RPC requests. For more
information about the vulnerability, see the Frequently Asked
Questions (FAQ) subsection for the specific vulnerability entry
under the next section, *Vulnerability Information*.

*Recommendation.* Microsoft recommends that customers apply the
update immediately

Microsoft Security Bulletin MS08-067 - Critical: Vulnerability in
Server Service Could Allow Remote Code Execution (958644):
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx?pf=true




Given that it requires a reboot, I'm sure you aren't protected until
you restart.
Just confirmed by MSRC, you must reboot.

Rats.




