The exploit for a vulnerability affecting the Server Service on all supported versions of Windows has been included in a commercial malware kit, available for sale. MS08-067 is labeled with a maximum severity rating of Critical, and the security bulletin is designed to patch vulnerable Windows operating systems, which could allow for remote code execution via a successful attack involving a specially crafted, malicious RPC request. The vulnerability affects the latest Windows client and server operating systems, including Windows 7, Windows Vista Service Pack 1 and Windows XP Service Pack 3.

“Probably the most widely reported topic in the Chinese Security community this month will be the availability of a commercial MS08-067 attack pack, customized for Chinese users. On October 26th, 2008, exploit code was posted on to a well-known public repository site. In a few days, malware kit author, WolfTeeth, was quick to sell a MS08-067 port scanning tool with attack capability to his ‘customers,’ using free code from the Internet,” revealed Haowei Ren and Geok Meng Ong, from the McAfee Avert Labs.[ more >> ]