Have You Patched For MS08-067?

The sand has fallen through the hourglass. Time has expired. The reason Microsoft rushed the Critical Security Bulletin MS08-067 out mid-month rather than waiting for the next scheduled Patch Tuesday is that they feared that the flaws in the Server Service identified in MS08-067 could be exploited to create a worm.

Last week there was proof-of-concept code made public which demonstrated how the Server Service vulnerability could be exploited. This week, there are now reports of attacks in the wild. One report claims that the MS08-067 flaws are being exploited to drop a DDoS (Distributed Denial-of-Service) bot dubbed KernelBot. In addition, InformationWeek is reporting that F-Secure has discovered a worm exlpoiting the MS08-067 Server Service flaw circulating in the wild.

Some "sky is falling" predictions have said this flaw could potentially be the next CodeRed or Nimda- the type of catastrophic, Internet-crippling attacks we haven't seen for 5 years. If you haven't already done so, take a look at MS08-067 and apply the appropriate patches to protect your PC (and protect the rest of us from your PC).