October 28, 2008, 11:11 AM — By now, we’ve been trained to know that the first Tuesday of every month is the debut of a new crop of patches from the folks in Redmond. But when a patch is released and it’s not a Tuesday, that’s a pretty good clue that the potential for very bad things is, well, very real.
Late last week, Microsoft released an emergency patch rated as critical for users of Windows 2000, Windows XP, and Windows Server 2003. This is the first out-of-cycle patch since April 2007, when the company released a patch for a flaw that already was being actively exploited.
“This flaw definitely has potential to be used as a propagation vector for a worm and affects everything from Windows 2000 to Windows 7 pre-beta,” said – not someone from Microsoft, but Ben Greenbaum, senior research manager at Symantec Security Response. “The good news is that Vista and later operating systems will be more difficult if not impossible to exploit automatically, and that most systems will not have the affected ports exposed to the Internet.”
That’s good to know, but with zillions of users downgrading their Vista machines to run good old XP, the problem is not going away with the passage of time.
According to Greenbaum, all it takes is one client-side exploit or Trojan that includes this exploit as a payload to get such a worm into a corporate network, where the affected ports are typically exposed to other internal computers.
Check out the bulletin for this new threat, Vulnerability in Server Service Could Allow Remote Code Execution.
And remember to read the details about all of the October updates.