Good Afternoon, For those of you who are not already aware, CCIP would like to bring your attention the the Critical Microsoft Security Bulletin MS08-067 that was released today: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx Microsoft have announced a vulnerability in the Server Service that could allow remote code execution. Administrators are advised to patch immediately. Microsoft have reported limited, targeted attacks attempting to exploit the vulnerability. CCIP has been made aware of two exploits that have been developed so far for this vulnerability since its release this morning. CCIP is concerned that a worm may be developed that would utilise these exploits. AusCERT have a writeup on their website: http://www.auscert.org.au/render.html?it=10008 There is also a detailed writeup on Microsoft's Security Vulnerability Research & Defense Blog: http://blogs.technet.com/swi/archive/2008/10/23/more-detail-about-ms08-067.a... Regards, The CCIP Team -- Centre for Critical Infrastructure Protection Government Communications Security Bureau P: +64 4 498 7654 F: +64 4 498 7655 E: info(a)ccip.govt.nz I: www.ccip.govt.nz ===================================================================== If you would like to unsubscribe from CCIP Vulnerability Alerts, Advisories, e-Bulletins, Monthly Reports and Information Notes, Please send an email with 'Unsubscribe' in the subject line to publications(a)ccip.govt.nz ===================================================================== --- This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way. ---