Microsoft to launch out-of-band security patch


Microsoft will be releasing an out of band security patch today to address a flaw in its Windows Server operating systems.

The vulnerability in ASP.NET was reported on 17 September when an attacker used it to view encrypted files on a server and meddle with the data before sending it back.

Now the company is releasing an unscheduled bulletin, rated as important, to fix the issue.

"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defences and workarounds," wrote Dave Forstrom, director of Trustworthy Computing at Microsoft, in a blog post.

He also said, whilst Windows desktops were listed as affected, they were only at risk if people used them as web servers as well.

Initially the update will only be available through the Microsoft Download Centre.

"This enables us to get the update out as quickly as possible, allowing administrators with enterprise installations, or end users who want to install this security update manually, the ability to test and update their systems immediately," added Forstrom.

It will then go out through the usual Microsoft updates route over the next few days.