Microsoft has been delaying the distribution of its automatic security updates so that it can prioritise a fix for a flaw that is already being exploited online.
The firm admits many users are not automatically getting all the security patches made available on 8 August as part of its monthly scheduled security cycle.
Microsoft says security bulletin MS06-040 has been given the highest priority via its Automatic Updates service, for instance.
The US Department of Homeland Security last week issued a warning to users to download this patch as a matter of urgency, as it was already being used by remote attackers to target users.
MS06-040 fixes a problem that allows remote attackers to use a flaw in Windows which can open up users’ systems without any interaction on their part.
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats