Critical patch MS08-067 resolves a vulnerability in the Server service that affects all currently supported versions of Windows.
The patch for Windows XP and older versions is rated as "critical", whilst the version for Windows Vista and newer versions is rated as "important".
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible," said Microsoft.
Microsoft said, "We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems, that we discovered about two weeks ago through our ongoing monitoring.
"As we investigated these attacks we found they were utilising a new vulnerability and initiated our Software Security Incident Response Process (SSIRP). As we analysed the vulnerability in our SSRP process, we found that this vulnerability was potentially wormable on Windows XP and older systems."
The patch has been issued after the main batch of regular monthly patches released earlier this month.
Microsoft said, "Our analysis showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly. We felt that it was in the best interest of customers for us to release this update before the regular November release cycle."
One blue chip, preparing to patch company machines over the weekend, reported that it had also emailed all staff asking them to ensure their home and personal computers were also as secured against vulnerabilities. The email said:
"It would also be a good move for you to check your home machines to see if you have the latest Microsoft updates: you can do this by following the link to Microsoft’s website: http://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?returnurl=http://www.update.microsoft.com/microsoftupdate&ln=en-us"
More on the security update: