Out of Cycle Windows Update – Patch Today
Yesterday news broke of an out of cycle security patch for Windows. The bulletin is available from Microsoft. Apparently the vulnerability was in the Windows Server service (XP, 2003, 2000, 2008, Vista ALL affected though regardless of server/workstation/client/desktop/etc…). The RPC handling (remote procedure call) is the achilles heel this time around. It sounds as though as many as 100 instances of this flaw being exploited had been seen in the wild, but use was increasing which prompted the out of cycle release. This is the kind of vulnerability that could be exploited by a worm that could give rise to a worm reminiscent of the Blaster Worm. (Worms are self-replicating viruses that spread over networks without user intervention.)