Critical Microsoft Security Patch Requires Your Attention

Microsoft issued an ‘Emergency’ security patch a few weeks ago, an event which has only happened four times since 2006.  While Microsoft can sometimes release a dozen critical security fixes each month, this one warrants special attention.

A vulnerability was discovered in the ‘Server’ Windows service, a component common to all 32-bit/64-bit versions of Windows (NT, 2000, XP, 2003, Vista, 2008). The flaw allows attackers to run arbitrary code on an unpatched system without any authentication. There is a significant risk that it will soon be exploited by a malicious worm.

This patch falls outside of a normal server patching cycle, so on Friday morning (October 24th) we put together a plan to patch all of our contract customers’ servers as quickly as possible without disrupting employee productivity.  By mid-day Saturday, we had finished nearly all of the patching on customer servers covered under a managed service plan.

Most of our customers have opted to let their employees decide when to install security patches on the desktops and laptops we manage. Because of this, it is important that you communicate the urgency of this patch to your employees so they can run their updates. Though most Windows XP and Windows Vista client computers have active firewalls which can mitigate the risk, this patch requires more attention than most. If you are subscribed to NetworkCare PRO, we will let you know which computers in your environment still need to be patched and can help force deployment of the remaining patches if needed.

Here’s a good writeup about the patch at the Washington Post:
Microsoft to Issue Emergency Security Update Today.

Here at BDPNetworks, we are committed to ensuring the continued security of your IT environment and will do everything necessary to maintain business continuity when these events arise.

Thank you for your time, and as always, if you have any questions, please let one of us know.

-Brian
