News

Microsoft issues critical out of cycle server security patch update for Windows

Microsoft has released the "out of cycle" critical server security patch it promised yesterday.

Critical patch MS08-067 resolves a vulnerability in the Server service that affects all currently supported versions of Windows.

The patch for Windows XP and older versions is rated as "critical", whilst the version for Windows Vista and newer versions is rated as "important".

"Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible," said Microsoft.

Microsoft said, "We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems, that we discovered about two weeks ago through our ongoing monitoring.

"As we investigated these attacks we found they were utilising a new vulnerability and initiated our Software Security Incident Response Process (SSIRP). As we analysed the vulnerability in our SSRP process, we found that this vulnerability was potentially wormable on Windows XP and older systems."

The patch has been issued after the main batch of regular monthly patches released earlier this month.

Microsoft said, "Our analysis showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly. We felt that it was in the best interest of customers for us to release this update before the regular November release cycle."

One blue chip, preparing to patch company machines over the weekend, reported that it had also emailed all staff asking them to ensure their home and personal computers were also as secured against vulnerabilities. The email said:

"It would also be a good move for you to check your home machines to see if you have the latest Microsoft updates: you can do this by following the link to Microsoft’s website: http://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?returnurl=http://www.update.microsoft.com/microsoftupdate&ln=en-us"

More on the security update:

http://blogs.technet.com/msrc/default.aspx

http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy