Mary's Antivirus Software Blog

By Mary Landesman, About.com Guide to Antivirus Software since 2000

MS08-067: Retro-Style Threat Services Windows, Again

Saturday October 25, 2008

One of the key tenets of computer security is that no unnecessary services should be running. But by default, Windows enables many services that aren't just unnecessary, they are downright risky. The lesson of just how risky that practice is got hammered home - again - this week after attackers released exploit code targeting promiscuously enabled services. And the culprit services aren't just enabled on Windows 2000 and XP but also on Windows Vista, an indication that even this most basic of security precautions has gone unattended by Microsoft.

Unless you're on a network LAN, disable these two services: Server Service (not to be confused with an actual server) and the Computer Browser Service (not to be confused with the Internet browser). Not sure if you're on a network LAN? Contact your IT Help Desk. Don't have an IT Help Desk? Chances are you aren't on a LAN.

Reminiscent of the Blaster worm, the exploits target vulnerabilities in the handling of RPC requests. Malformed requests sent to the Server Service or the Computer Browser Service can give attackers the ability to remotely upload and run malicious code on your system. Most firewalls, even permission-based firewalls, give carte blanche privileges to Windows services - so you can see where this is going. Don't rely on your firewall to prevent this attack. (And if you do use a permission-based firewall, don't let it allow unfettered Internet access to Windows services. Make them ask.)

Microsoft has released MS08-067 as an out-of-band patch to resolve the threat. However, even if you install the MS08-067 patch (which you should), you should still disable the Computer Browser Service and the Server Service if you are not on a network LAN. This applies to any service that is not explicitly needed. Remember, one of the key tenets of computer security is that no unnecessary services should be running. Are you listening, Microsoft?
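One way to check and disable the two services named above, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and the standard Windows short names `LanmanServer` (Server) and `Browser` (Computer Browser); the `-Disable` switch is a hypothetical parameter of this script.

```powershell
# Added example. Reports the state of the Server and Computer Browser services
# and, only when -Disable is given, stops them and sets their startup to Disabled.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable   # hypothetical switch: without it the script only reports
)

# Assumed short names on a standard Windows install -> display names used in the post
$targets = [ordered]@{
    'Browser'      = 'Computer Browser'   # depends on Server, so handle it first
    'LanmanServer' = 'Server'
}

$report = foreach ($name in $targets.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Some Windows versions do not ship the service at all
        [pscustomobject]@{ Service = $targets[$name]; Name = $name
                           State = 'NotInstalled'; StartMode = 'n/a'; Action = 'none' }
        continue
    }

    $action = 'none'
    $needsChange = ($svc.StartMode -ne 'Disabled') -or ($svc.State -eq 'Running')
    if ($Disable -and $needsChange -and
        $PSCmdlet.ShouldProcess($targets[$name], 'Stop and disable')) {
        # -Force also stops any services that depend on this one
        Stop-Service -Name $name -Force -ErrorAction Stop
        Set-Service  -Name $name -StartupType Disabled
        $svc    = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        $action = 'disabled'
    }

    [pscustomobject]@{ Service = $targets[$name]; Name = $name
                       State = $svc.State; StartMode = $svc.StartMode; Action = $action }
}

$report | Format-Table -AutoSize
```

Run it without arguments to audit, or from an elevated prompt with `-Disable -WhatIf` to preview the change before applying it. Disabling the Server service stops the machine from sharing files and printers, which is why the post limits the advice to systems that are not on a LAN.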

Comments
October 26, 2008 at 4:22 am
(1) Alexandra says:

Well, I have XP and installed the patch, which immediately made my computer seize up on opening Firefox. Perhaps the patch also is designed to favour IE?

Any other users noticing this problem?


©2009 About.com, a part of The New York Times Company.

All rights reserved.