MS08-067: Windows remote execution vulnerabiliity - owned in 60 seconds (or less)

Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."

It is unusual to see the amount of attention given to this update and the speed at which it was released, especially out-of-band.

Thankfully for Server 2008 and Vista, the attacker has to be an authenticated user, but Server 2003 and XP users are not so lucky.

Most firewalls already block RPC traffic from external sources, so that attack vector is somewhat mitigated, but what I am worried about is the possibility of a 0-day worm getting inside an organization and worming around the entire network due to internal/client firewall rules.

It is particularly interesting that they released an update for Windows 7 pre-beta, build 6801, which I believe is going to be the build version given out at the PDC.

If you are running the beta builds of the Forefront Stirling TMG that have the GAPA protection enabled, you are already protected at the firewall level from the exploit due to the updated definitions already released by Microsoft. You can sort of think of it like Snort signatures.

I haven't seen Active-eXploits out in the wild yet, but it is only a matter of time.

You can read the Homeland Security National Vulnerability Database report on it here.

You can read a more in-depth report from the Microsoft Security Vulnerability Research and Defense team on the update here.

Direct download links to the patch, per OS:
Win 2K SP4
Win XP x86 SP2/SP3 / x64 RTM/SP2
Win 2003 x86 SP1/SP2 / x64 RTM/SP2
Win Vista RTM/SP1 x86/x64
Win Server 2008 x86/x64

Other sites with additional information on the exploit:
SecurityFocus
FRSIRT
SecurityTracker
Secunia
XForce (1 of 2)
XForce (2 of 2)