A quick update for those looking for more information about Microsoft’s latest RPC vulnerability (MS08-067): over the weekend, more information has become available. First, there is good news for those of you who are still running NT4. Patches for Windows NT are said to be available:
Microsoft has created patches for NT4 Workstation, NT4 Server, and NT4 Terminal Server; however, these patches are only available to folks who have purchased an NT4 Custom Support Agreement from Microsoft.
If you are looking for more information than Microsoft’s security bulletin provides, I highly recommend the FAQ available at Securiteam. It contains all relevant information about the patch, the vulnerability and the malware currently exploiting it. If you’re looking for technical information, check out the reverse engineering work done here. It’s very interesting to read about how they managed to find the problematic code, even if you’re not interested in this particular vulnerability.