This morning Microsoft released an out-of-band security update -MS08-067 -for a vulnerability in the Server service. This issue is tracked asBugTraq ID 31874. Thisissue affects all supported versions of the Windows operating system.Theweakness allows an attacker to effectively take complete control of avulnerable system. It is imperative that end users apply the patch fromMicrosoft as soon as possible.While we haven't seen widespreadexploitation of this issue, there have been reports of a certain file, "n2.exe," being downloaded on compromised computers. This file copiesanother piece of malicious code onto the compromised computer. Symantecproducts already detect both of these files as Infostealer.Eversince we were able to get our hands on the vulnerability details wehave been analyzing the exploit mechanism with the intent of providingprotection for our customers. We will be publishing signature updateswithin the next few hours to detect attacks trying to exploit thisvulnerability.Updates will be made to this blog article when signature updates have been published. Stay tuned!
Update
Two IPS signatures, 23179 - "MSRPC Server Service BO" and 23180 - "MSRPC Server Service BO2," as well as an AV signature for Bloodhound.Exploit.212 went out in response to the Microsoft out-of-bound patch release today.A second MDD certified daily build that contains Bloodhound.Exploit.212 will be released around midnight Pacific time. The version number for the second MDD is 20081023 rev.41 (sequence: 87199).