Remember when I said we posted an advance notification of an out-of-band security bulletin that was going to be released today (hint)? Well sure enough, it’s now released. Over on the MSRC blog they have all the gory details but I’m only going to give you a glimpse here:
This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test and deploy the update as soon as possible. To help you better understand the details around the vulnerability, my colleagues over at the Security Vulnerability Research & Defense blog have provided some more information here. Also, Michael Howard has provided some background on the vulnerability from the Security Development Lifecycle perspective here.
If you want to continue reading you can find their original post here.
J.C. Hornbeck | Manageability Knowledge Engineer