Microsoft releases a patch and it’s not Tuesday? Take heed.

By now, we’ve been trained to know that the first Tuesday of every month is the debut of a new crop of patches from the folks in Redmond. But when a patch is released and it’s not a Tuesday, that’s a pretty good clue that the potential for very bad things is, well, very real.

Late last week, Microsoft released an emergency patch rated as critical for users of Windows 2000, Windows XP, and Windows Server 2003. This is the first out-of-cycle patch since April 2007, when the company released a patch for a flaw that was already being actively exploited.

“This flaw definitely has potential to be used as a propagation vector for a worm and affects everything from Windows 2000 to Windows 7 pre-beta,” said – not someone from Microsoft, but Ben Greenbaum, senior research manager at Symantec Security Response. “The good news is that Vista and later operating systems will be more difficult if not impossible to exploit automatically, and that most systems will not have the affected ports exposed to the Internet.”

That’s good to know, but with zillions of users downgrading their Vista machines to run good old XP, the problem is not going away with the passage of time.

According to Greenbaum, all it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers.

Check out the bulletin for this new threat, "Vulnerability in Server Service Could Allow Remote Code Execution."

And remember to read the details about all of the October updates.
