It’s been a while since Microsoft has published a critical security patch outside of its monthly schedule. On October 23rd, 2008, a bulletin was released announcing a patch that breaks the cycle. Microsoft rates today’s fix a level 3 critical patch. (Maybe Microsoft should adopt the color-coded Homeland Security alert system?)
According to the bulletin, the non-technical explanation is that bad data sent from one computer can allow unauthorized users to run programs on another computer. This is a favorite exploit method for hackers, as they can easily propagate bad software via this type of vulnerability to any computer on the same network. This patch affects all versions of Windows, including the beta release of Windows 7 (the successor to Windows Vista).
Network Velocity has already begun deployment of this critical patch to our clients. We recommend everyone read about and deploy this patch for their home computers as well.
UPDATED:
Two worms have been recognized as exploiting this vulnerability.