This vulnerability, if left unpatched, affects every flavour of Windows utilising the IIS services version 6+ to support web sites.
In its latest 'Patch Tuesday' notice, Microsoft issued 14 security bulletins including fixes for the Freak flaw and the Stuxnet worm - which was thought to have been patched five years ago.
Monolithic operating systems will attract attackers, and speed to market will trump security, so expect patches and be intelligent about how vulnerabilities are fixed says Raimund Genes.
Microsoft said the change to its patching was made because customers no longer use the previewing system the same way they did in the past.
Questions need to be asked of Patch Tuesday and Microsoft's approach to it, says Robert Brown.
Microsoft has very unusually released an `out-of-band' security patch to fix a vulnerability in Windows - and Windows Server - that hackers are reportedly exploiting to compromise IT networks.
Microsoft has unexpectedly withdrawn a key element of its Patch Tuesday operating system refresh after discovering a flaw in an update for Windows 7 and Windows Server 2008.
Microsoft has issued four bulletins covering a total of 42 vulnerabilities, 36 of which are rated critical.
The cycle of updating software at the end of life has, itself, reached its end of life with managed services the way ahead says Kevin Linsell
Microsoft's latest Patch Tuesday security fixes for its products included two last-minute updates that show the company rushing to respond to the escalating pace of cyber attacks.
Patch Tuesday sees major slew of vulnerabilities to be fixed
Microsoft's Patch Tuesday update has been released, giving users a highly anticipated fix for a TIFF zero-day flaw and 23 other bugs affecting company software.
Microsoft has announced that it is further strengthening Internet Explorer with the release of a critical bulletin in this month's Patch Tuesday next week.
Microsoft released five bulletins on its June Patch Tuesday, fixing one critical vulnerability in Internet Explorer.
Microsoft released ten bulletins yesterday fixing 33 vulnerabilities, including the zero-day in Internet Explorer 8.
Microsoft has acknowledged problems caused by a patch released this week that can cause system errors.
Microsoft issued nine bulletins to fix 14 vulnerabilities this week; however it left several known flaws unpatched.
Microsoft released seven bulletins last night, containing four patches rated as critical, to fix 20 vulnerabilities.
Microsoft released 12 bulletins, five of which were rated as critical, to address 57 vulnerabilities on Patch Tuesday.
Microsoft released seven bulletins on its first patch Tuesday of 2013, addressing 12 vulnerabilities in Windows, Office, Developer Tools and Windows Server.
After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.
Microsoft delivered its monthly security update on Tuesday to rectify 12 vulnerabilities, five of which are present in Internet Explorer (IE) and comprise the most pressing patch to deploy.
Microsoft plans to release eight patches on Tuesday - six for "critical" vulnerabilities - as part of its monthly security update.
Hours after releasing four patches as part of its monthly security update, Microsoft warned late Tuesday of a new, zero-day vulnerability in Word that is being actively exploited in targeted but limited attacks.
A massive domain name server (DNS) design vulnerability that could permit cache poisoning - effectively allowing an attacker to direct users to the website of his choosing - is set to be fixed by an unprecedented synchronized series of multivendor patches.
In its Patch Tuesday update, Microsoft addressed nine vulnerabilities by releasing four security updates, none of which were deemed critical.
SC Webcasts UK
Sign up to our newsletters
SC Magazine UK Articles
- Scone: Bettys Tea Shop loses 122,000 customer records in data breach
- Adult Friend Finder breach exposes millions of users
- UK web admin tool infected to access 'gold mine' of data
- Update: GCHQ and police hackers protected by revised Computer Misuse Act
- 'Burnt-out' security pros hide breaches, demand bigger budgets