This post is about the emergency patch release today on Thursday 23rd of October. For more info: http://bink.nu/news/emergency-patch-details-server-service-vulnerability.aspx. This is a re-posting of the following Bink story: http://bink.nu/news/emergency-patch-the-effect-on-installations.aspx
Microsoft has been quick to inform IT pros and the general public about the security issue, which is present in nearly every NT-based Windows version out in the wild. However, more details are still lacking.
The bug is in the Server service, which is found in all NT-based Windows operating systems and is responsible for communication between computers in a Windows-based network. The bug allows remote execution of code.
Bink first reported the issue along with a link to the rather small KB article. Since then, Microsoft has updated the article (several times?) to provide more information to the public. This additional information raises several questions.
Why are Windows 2000 / XP / 2003 rated “Critical” and why are Vista and 2008 rated “Important”?
Why is there information available on what could happen on Windows 2000 / XP / 2003 systems but not on what could happen to Vista and 2008 systems?
Why are Windows Server 2008 Core installations affected?
Who found this critical flaw? (Internal or external reporting)
How come Windows 7 is affected? (This also confirms that the bug is in the deep roots of the NT Server service and that no major overhaul of these types of services is taking place in Windows 7, not that an overhaul was expected.)
The updates are available to all users via Windows Update right now. All systems using the default autoupdate settings should get the patch tonight. For enterprise deployment, please refer to the deployment guide.
Hopefully, once the systems are patched, we will get a glimpse of how this bug works and how a flaw could have been present in a modern and secure system for over 8 years now. More information will be posted as it becomes available.