October 24, 2008 (Out-of-Band) Microsoft Security Response Center Security Bulletin Release
What is the purpose of this alert?
Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in all currently supported versions of Windows. The software update will be available for download from the Microsoft Update / Windows Update web site from 4am Australian Eastern Daylight Savings Time (AEDST) on Friday, October 24, 2008.
This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. The purpose of this notification is to assist customers with resource planning for this security bulletin release. For more information about security updates, visit https://www.microsoft.com/protect.
For the latest updates on this vulnerability please refer to the Microsoft Security Response Center blog at https://blogs.technet.com/msrc/default.aspx
Anyone believed to have been affected can visit: https://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in the UK.
As an SBSC partner, we recommend you go to https://www.microsoft.com/technet/security for the most current information on this and all security alerts. You may also benefit from signing up for automatic security alerts to ensure you receive timely notification.
Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: https://www.microsoft.com/protect.
New Bulletin Summary
| Bulletin identifier | Windows Bulletin |
| Maximum Severity Rating | Critical |
| Impact of Vulnerability | Remote Code Execution |
| Detection | Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. |
| Restart Requirement | The update requires a restart. |
| Affected Software | Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 |
The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: https://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx.
Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published.