On 23/10/08, Thursday Microsoft has released an emergency update for a major security fault automatically spreads harmful code to the computer systems containing Windows XP and earlier versions of the windows operating system.

Christopher Budd, a security program manager for Microsoft advised to update the patch as soon as possible because the vulnerability is possibly wormable on the older version of windows. Microsoft stated that the vulnerability has caused by the flawed processing of remote procedure call (RPC) requests by the Windows Server service, is already being used by online attackers to compromise vulnerable systems, Windows XP, Windows 2000 and Windows 2003 systems could be compromised remotely, if the systems do not have a personal firewall installed and working or if file and printer sharing is activated. Windows Vista and Windows Server 2008 systems are not as vulnerable to flaw of the issue, as the attacker would first have to be authenticated to access the vulnerable code.

The networking request for all the Microsoft operation systems versions will be handled by the Windows server.

In the past five years, Microsoft has done a plausible job in wiping out the easiest-to-exploit vulnerabilities by its Secure Development Lifecycle and regenerated focus on security in its Windows operating system and major applications. In addition, cyber criminals change in focus to revenue generation and keener law enforcement success in prosecuting cyber crime has ensued in fewer open epidemics and more delicate botnet-building attacks.

In 2004, Windows computers were affected because of Sasser worm, while the Witty worm infected security appliances and gateway servers by running software from network security firm Internet Security Systems. In 2005, some distinguishable worms, including the Zotob worm, which attempted to create botnets using a flaw in the Plug-and-Play functionality of Microsoft Windows. The hackers who designed both Zotob and Sasser were arrested and convicted.

Microsoft also unveiled a very useful amount of detail about the vulnerability.

Redmond has remained close-lipped about the in-the-wild flaws it adverted to. Cushman stated Microsoft was alarmed to them "a couple weeks ago," but otherwise refused to give details. We've purged the usual sites for exploit code and so far nothing was found..

Patching is not difficult and is as easy as selecting Start > All Programs > Windows Update. It requires the machine to reboot.