On Tuesday, October 28, as I was knocking off for the day, after 11 PM, I noticed that the autoupdate function in Windows Update had posted two more items to my primary production Vista PC. Both look interesting, but so far I’ve had some trouble trying to ferret out more details about one of these two patches.
Here’s what I know so far:
- One of the items is a security update, labeled MS08-062 and is entitled “Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution.” Interestingly, the security bulletin is dated October 14, and it documents a serious vulnerability in the seldom-used Internet Printing Service–or rather, the IPP protocol and the Internet Printing Client that this service uses–that Vista installs by default (see this vulnerability report dated October 14 for more info on the vulnerability details; this MS White paper describes how Internet Printing works inside Vista; note further that this vulnerability applies to Windows 2000, Windows Server 2003 and 2008, and Windows XP as well). Basically an integer overflow in this service lets attackers run arbitrary code at system level privilege: a proof-of-concept exploit is known, and several “active, in-the-wild exploit attempts of this type have been detected.” If you don’t use Internet Printing, you can follow the instructions in the MS White paper to turn off the Internet Printing Client in Vista instead (under Printing Services, Turn Windows features on or off, Programs and Features, Control Panel).
- More interesting, and more mysterious is the other item: a “reliability update” for Windows Vista described in a currently unavailable Knowledge Base article (KB957200). All I can find on this update so far is the standalone download page entitled Update for Windows Vista (KB957200). Of course, I’m dying to know what’s been tweaked in this particular update, and why MS decided to push it out the door before November 11 (next patch Tuesday). The Web is abuzz with the word that the KB article remains missing in action, so I guess I’ll have to bide my time. As of this morning (10/30/2008) the article remains missing in action, so I posted a query to the Technet Windows Vista Announcements forum in hopes it might provoke some kind of official response (or better yet, the promised KB article).
My advice on MS08-062 is to download and install it, unless you never use the Internet Printing Service, in which case you can simply turn it off on your PCs, or set a GPO to do it globally. Files affected are detailed in KB 953135, and include three Vista DLLs: Msw3prt.dll, Win32spl.dll, and Printcom.dll. As far as the reliability update documented in KB957200 goes, stay tuned: I’ll provide more information about this update as soon as it becomes available.
Wow! Two out-of-cycle update postings for Windows in the same month, after 18 months with no updates except for Patch Tuesday releases. What does it all mean?