What is the purpose of this alert?

Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in all currently supported versions of Windows. The software update will be available for download from the Microsoft Update / Windows Update web site from 4am Australian Eastern Daylight Savings Time (AEDST) on Friday, October 24, 2008.


This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. The purpose of this notification is to assist customers with resource planning for this security bulletin release. For more information about security updates, visit http://www.microsoft.com/protect.

For the latest updates on this vulnerability please refer to the Microsoft Security Response Center blog at http://blogs.technet.com/msrc/default.aspx

Anyone believed to have been affected can contact Microsoft Australia on 13 20 58 or through the Contact Us site at http://support.microsoft.com/contactus/?ws=mscom. Microsoft also recommends that you should contact the Australian Federal Police.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://www.microsoft.com/protect.

Robbie

 

New bulletin summary

Bulletin identifier Windows Bulletin
Maximum severity rating Critical
Impact of vulnerability Remote code execution
Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update
Restart requirement The update requires a restart
Affected software Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008