A glitch in Microsoft's Windows Update automated patching service caused a security fix that was released last month to be delivered to computer users on Tuesday (9 December), the same day Microsoft proclaimed December would be a patch-free month.
The software patch fixes a serious vulnerability in a set of website management tools called FrontPage Server Extensions, which are part of Microsoft's Windows 2000, Windows XP and Office XP software, according to Microsoft Security Bulletin MS03-051. Exploiting the flaw could allow an attacker to gain control over a user's PC.
Because of a flaw in the Windows Update system, the patch that was released at the same time as the bulletin was not delivered until this week.
"Microsoft... has corrected an error in Windows Update that prevented MS03-051 from reaching certain Windows XP customers via Windows Update or Automatic Update technologies," the company said.
Microsoft said it was unaware of any hackers having exploited the vulnerability and encouraged users to install the patch as prompted by the Windows Update service.
Microsoft also noted that this security issue was rated "moderate" for most Windows XP systems, while it was rated "critical" for systems running Windows 2000 and Office XP with SharePoint Team Services 2002 enabled.
Joris Evers writes for IDG News Service