Remotely Exploitable Vulnerability Found in Windows

Apparently a vulnerability exists in all versions of Microsoft Windows starting with 2000 SP4 (yes, that includes Vista, Vista 64 and Server 2008) that could allow a remote attacker to execute arbitrary code on an affected system. Microsoft is taking the highly unusual step of “pre-announcing” the patch, which is due out tomorrow. The only possible use for such a pre-announcement (which is very short on details) is that Microsoft wants to impress upon everyone that the bug is a very big deal indeed.

No details are forthcoming for now, however. A webcast is scheduled for a couple hours from now.

It remains to be seen whether the podcast will contain enough details to kickstart a reverse-engineering process, as in the Kaminsky announcement fiasco. Anyway, if you own or administer a windows computer or network and are curious as to what exactly might happen to it and how it might be exploited between today and tomorrow, you may wish to follow the link.

We’ll update this story as more details become available.

UPDATED :

The vulnerability allows the crafting of special RPC requests which upon
receipt allow unauthenticated users to trigger the execution of arbitrary code on affected systems.

The flaw is being exploited in the wild by a worm whose payload is detected by BitDefender under the name Win32.Worm.Gimmiv.A .