Microsoft Security Bulletin MS08-067

In an attempt to keep this post short and sweet, I will cover a few of the basics regarding this bulletin. Microsoft discovered a remote code execution flaw in the Server service on versions of Windows 2000 and up. Originally, this flaw was exploitable only if your system had ports 139 and 445 exposed to the net. Fast forward to today, and there are viruses embedded in numerous files, including keygens, cracks, and various forms of email attachments. In short, the patch is necessary on all systems in your organization, even if the above-mentioned ports are closed. Microsoft’s announcement is here.

Please be aware that out of 15 servers that I initially patched, 2 became unavailable after rebooting to apply the patch. The systems that had this problem had no obvious similarities that I could detect. After the reboot, communications to and from the server were being blocked/prevented. Pinging another host on the same LAN from the server was not even possible. Removing the patch and rebooting resolved the issue on both servers. After that, I reinstalled the patch, rebooted and everything is working properly.

–Himuraken