By now, we’ve been trained to know that the first Tuesday of every month is the debut of a new crop of patches from the folks in Redmond. But when a patch is released and it’s not a Tuesday, that’s a pretty good clue that the potential for very bad things is, well, very real.
Late last week, Microsoft released an emergency patch rated as critical for users of Windows 2000, Windows XP, and Windows Server 2003. This is the first out-of-cycle patch since April 2007, when the company released a patch for a flaw that already was being actively exploited.
“This flaw definitely has potential to be used as a propagation vector for a worm and affects everything from Windows 2000 to Windows 7 pre-beta,” said – not someone from Microsoft, but Ben Greenbaum, senior research manager at Symantec Security Response. “The good news is that Vista and later operating systems will be more difficult if not impossible to exploit automatically, and that most systems will not have the affected ports exposed to the Internet.”
That’s good to know, but with zillions of users downgrading their Vista machines to run good old XP, the problem is not going away with the passage of time.
According to Greenbaum, all it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers.
Check out the bulletin for this new threat, Vulnerability in Server Service Could Allow Remote Code Execution.
And remember to read the details about all of the October updates.

Caught my attention also...
Yes, this mid-cycle patch caught my attention too. Kind of like when the Fed adjusts interest rates in between FOMC meetings.