Microsoft released today an out of band patch for a Critical vulnerability that affects all Windows Platforms. 

 

The issue also serves as a replacement for the issue addressed by MS06-040, this patch is labelled as MS08-067. The issue addresses CVE-2008-4250 which is a remote code execution vulnerability within the Server service of the Windows Platform. The vulnerability is due to the service not properly handling a specially crafted RPC request. The end result of successful exploitation is that the attacker can execute code with SYSTEM level privileges.

The issue is rated as Critical for all releases of Windows 2000, Windows XP and Windows 2003 for both 32-bit and 64-bit platforms. For Windows Vista and Windows 2008 the issue is rated as Important, however we all know this is probably really Critical for these platforms too.

To make matters worse for this issue there is already exploits available for the issue and it is being exploited in the wild. Therefore the issue can be considered enough of a high risk that network administrators should consider getting the patch installed as soon as possible.