Critical Out of Band Microsoft Security Bulletin MS08-067
Thursday Microsoft released an out of cycle Security Bulletin and Microsoft recommends customers apply the update immediately.
For the out-of-band security bulletin added to Version 3.0 of this bulletin summary, Microsoft is hosting a webcast to address customer questions on October 23, 2008, at 1:00 PM Pacific Time (US & Canada). Register now for the Out-of-Band Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.
You can read more about Microsoft Security Bulletin MS08-067 – Critical, Vulnerability in Server Service Could Allow Remote Code Execution (958644) online. Also, you can sign up to Get Security Bulletin Notifications in the future. Bulletin alerts are available in RSS, instant message, mobile device, or e-mail format.
Yes you really need to do this ASAP and yes it does require a reboot, Vlad says you don’t need to, but HA says better safe than sorry. These kinds of patches leave your system in an unknown state, so bit the bullet and let it reboot. See he did :>)
October 24th, 2008 at 7:58 am
Andy,
I don’t advocate not rebooting, however, some people have 24/7 operations during the week and require 99.999% and cannot interrupt the business for a reboot which is what these are designed for.
We rebooted all of our stuff, but then again, we have clustered redundancy and can afford to reboot it one system at a time without affecting availability.
I totally agree with your assessment, but installing the patch without a reboot in my mind is a lower risk than not installing the patch until the weekend as most IT folks tend to do.
-Vlad