The Microsoft Security Response Center (MSRC)
It’s been almost five days since we originally released MS08-067, and our tracking shows that security deployments remain strong. We’re also still unaware of any application compatibility issues with this update.
Like we’ve said, we’re continuing to watch the threat environment. Yesterday, we said that our analysis of public exploit code that was available showed it would always result in a denial of service. Today, we’ve identified the public availability of exploit code that now shows code execution for the vulnerability addressed by MS08-067. This exploit code has been shown to result in remote code execution on Windows Server 2003, Windows XP, and Windows 2000 systems. Our investigation has shown that it does not affect customers who have installed the update. We’ve just published Microsoft Security Advisory 958963 to let customers know about this new development.
http://blogs.technet.com/msrc/archive/2008/10/27/microsoft-security-advisory-958963.aspx
Certifiedbug. October 24, 2008.
Microsoft Security Bulletin MS08-067 Critical Update
