IT staff await critical security update from Microsoft

Filed Under: Microsoft, Vulnerability

IT system administrators are being warned today about a critical security vulnerability in versions of Windows, which could allow hackers to install malicious code (such as a worm) without user intervention.

According to Microsoft versions of its Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 operating system are affected by the bug - which is anticipated to be fixed by an emergency patch to be released at 10am PST (6pm UK time) today.

Microsoft announcement about out-of-band critical security update

More information can be found in Microsoft's advance notice at

Microsoft normally bundles its security updates into a monthly package, known in the industry as "Patch Tuesday", and it is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle. This may indicate that Microsoft considers the bug particularly important to patch as soon as possible.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley