Microsoft tiene bien establecidos sus
Patch Tuesday, por lo que es muy muy raro verles lanzar actualizaciones en otro día, pero ayer lanzaron ésta actualización critica.
Se ve qu eles preocubava ya que afecta incluso a las versiones server 20003 y Xp SP3.
Executive Summary
This security update resolves a privately reported
vulnerability in the Server service. The vulnerability could allow remote code
execution if an affected system received a specially crafted RPC request. On
Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker
could exploit this vulnerability without authentication to run arbitrary code.
It is possible that this vulnerability could be used in the crafting of a
wormable exploit. Firewall best practices and standard default firewall
configurations can help protect network resources from attacks that originate
outside the enterprise perimeter.
This security update is rated Critical
for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server
2003, and rated Important for all supported editions of Windows Vista and
Windows Server 2008. For more information, see the subsection, Affected and
Non-Affected Software, in this section.
The security update addresses
the vulnerability by correcting the way that the Server service handles RPC
requests. For more information about the vulnerability, see the Frequently Asked
Questions (FAQ) subsection for the specific vulnerability entry under the next
section, Vulnerability Information.
Recommendation. Microsoft recommends
that customers apply the update immediately.