A glitch in Microsoft’s Windows Update automated patching service caused a security fix that was released last month to be delivered to computer users on Tuesday, the same day Microsoft proclaimed December would be a patch-free month.A glitch in Microsoft‘s Windows Update automated patching service caused a security fix that was released last month to be delivered to computer users on Tuesday, the same day Microsoft proclaimed December would be a patch-free month.The software patch fixes a serious vulnerability in a set of Web site management tools called FrontPage Server Extensions, which are part of Microsoft’s Windows 2000, Windows XP and Office XP software, according to Microsoft Security Bulletin MS03-051 released Nov. 11. Exploiting the flaw could allow an attacker to gain control over a user’s PC, Microsoft said.Due to a flaw in the Windows Update system, the patch that was released at the same time as the bulletin wasn’t delivered until now, Microsoft said in a brief statement. “Microsoft … has corrected an error in Windows Update that prevented MS03-051 from reaching certain Windows XP customers via Windows Update or Automatic Update technologies,” the Redmond, Wash., company said.Microsoft said it wasn’t aware of any hackers having exploited the vulnerability and encouraged users to install the patch as prompted by the Windows Update service. Russ Cooper, surgeon general of TruSecure and moderator of the NTBugtraq security mailing list, said he wished there had been a worm or a high-profile attack that took advantage of this particular flaw.“Too bad that did not happen because we would lose all the people that work on Windows Update development and instead have people who are capable,” he said. “I have sent out numerous e-mails with the title ‘Windows Update is a dog.’ It is a terrible delivery mechanism.”Microsoft also notes that this security issue was rated “moderate” for most Windows XP systems, while it was rated “critical” for systems running Windows 2000 and Office XP with SharePoint Team Services 2002 enabled.In Microsoft’s rating system for security issues, vulnerabilities that could allow a malicious Internet worm to spread without any action required on the part of the user are rated critical. Issues that will not lead to the spread of a worm without any action taken by the user, but could still expose user data or threaten system resources, are rated important. Vulnerabilities that are very complicated to exploit, or hard to exploit because they are blocked by the default settings on a PC are considered moderate threats. Related content news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking news Gartner: Just 12% of IT infrastructure pros outpace CIO expectations Budget constraints, security concerns, and lack of talent can hamstring infrastructure and operations (I&O) professionals. By Denise Dubie Dec 07, 2023 4 mins Network Security Data Center Industry feature Data centers unprepared for new European energy efficiency regulations Regulatory pressure is driving IT teams to invest in more efficient servers and storage and improve their data-center reporting capabilities. By Maria Korolov Dec 07, 2023 7 mins Enterprise Storage Enterprise Storage Enterprise Storage news analysis AMD launches Instinct AI accelerator to compete with Nvidia AMD enters the AI acceleration game with broad industry support. First shipping product is the Dell PowerEdge XE9680 with AMD Instinct MI300X. By Andy Patrizio Dec 07, 2023 6 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe