Delayed fix ends Microsoft's patch-free month


Delayed fix ends Microsoft's patch-free month

A glitch in Microsoft's Windows Update automated patching service caused a security fix that was released last month to be delivered to computer users on Tuesday (9 December), the same day Microsoft proclaimed December would be a patch-free month.

The software patch fixes a serious vulnerability in a set of website management tools called FrontPage Server Extensions, which are part of Microsoft's Windows 2000, Windows XP and Office XP software, according to Microsoft Security Bulletin MS03-051. Exploiting the flaw could allow an attacker to gain control over a user's PC.

Because of a flaw in the Windows Update system, the patch that was released at the same time as the bulletin was not delivered until this week.

"Microsoft... has corrected an error in Windows Update that prevented MS03-051 from reaching certain Windows XP customers via Windows Update or Automatic Update technologies," the company said.

Microsoft said it was unaware of any hackers having exploited the vulnerability and encouraged users to install the patch as prompted by the Windows Update service.

Microsoft also noted that this security issue was rated "moderate" for most Windows XP systems, while it was rated "critical" for systems running Windows 2000 and Office XP with SharePoint Team Services 2002 enabled.

Joris Evers writes for IDG News Service

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy