Microsoft to Issue Emergency Security Update TodayOctober 23, 2008 – 9:07 AM
Microsoft said late Wednesday that it plans to break out of its monthly patch cycle to issue a security update today for a critical vulnerability in all supported versions of Windows.
Redmond rarely releases security patches outside of Patch Tuesday, the second Tuesday of each month. The software giant isn’t providing many details yet, but the few times it has departed from its Patch Tuesday cycle it has always done so to stop the bleeding on a serious security hole that criminals were using to break into Windows PCs on a large scale.
By Security Fix’s count, this would be the fourth time since January 2006 that Microsoft has deviated from its monthly patch cycle to plug security holes. As shown by the stories in the linked examples above, Microsoft has fixed problems, each time, that were being actively exploited by bad guys to break into PCs.
Microsoft’s advanced notification bulletin says the problem is critical on Windows 2000, Windows XP and Windows Server 2003, meaning this is a vulnerability that can be exploited through little or no help from the user. Redmond’s labels the flaw “important” on Windows Vista and Windows Server 2008 machines.