Microsoft characteristically releases security updates and fixes on the second Tuesday of every month, an event that has come to be known as Patch Tuesday, but on rare occasions the company will issue an out-of-schedule update to address vulnerabilities that require immediate attention. Such is the case today, with the company rushing out an emergency security patch for Windows users.
Microsoft offered few details on why it was releasing the software update, which is rated “critical” for users of Windows 2000, XP, and Server 2003 but carries the less severe rating of “important” for users of Windows Server 2008 and Windows Vista. It did say, however, that the vulnerability could result in remote code execution, enabling an attacker to take control of a target’s computer.
The update will be released today at 10.00am Pacific Time, with a restart required. As a side note, it is being reported that the last such emergency patch issued by Microsoft was in April 2007, when the company fixed a vulnerability with .ani cursor files that was being exploited by malicious code hosted on hundreds of websites.