Microsoft announced Wednesday night that it is issuing an emergency defense patch Thursday, 19 days before the next regularly scheduled Patch Tuesday on Nov. 11. It’s the first date in more than a year that Microsoft has issued a so-called “out-of-band” patch.

News of the patch first arised in a brief blog posting by MSRC protection program manager Christopher Budd, who wrote that “I wanted to let you know that we’ve just posted an advance notification for an out-of-band bulletin release. We plan to release one Windows defense bulletin with a maximum severity of critical; scheduled for a target day of 10:00 a.m. PT on Thursday Oct. 23, 2008. A restart will be due.”

Microsoft was hosting a special Webcast Thursday afternoon to discuss the threat in detail.

‘Wormable’ Flaw

The patch is intended to prevent hostile cipher from executing specifically constructed remote procedure calls on vulnerable systems. It is described as critical for every flavor of Windows from XP forward.

So far, there are relatively few

details about how the shield gap might be exploited, and no indication that it has been. Preliminary reports, however, have described it as a “wormable” flaw — i.e., a software weakness that could be exploited without any action on the part of the user.

Some preliminary info about the nature of the threat was restricted in an updated Microsoft protection Bulletin Summary for October 2008. Under the dry heading of Vulnerability in Server Service Could Allow Remote cipher Execution, Microsoft says that “consistent exploit cipher has been discovered in limited, targeted attacks, affecting Windows XP and Windows Server 2003.”

The summary linked to the more specific Microsoft safety measure Bulletin MS08-067-Critical, which states that “On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit that vulnerability without authentication to run arbitrary cipher. It is possible that…

Original post by Mike

apple fun avi gadget news mp3 phone control energy screen tapes