Microsoft plans to patch critical hole separately
Microsoft plans to release an update to close a critical hole in Windows 2000, XP and Server 2003 today. While the hole can also be found in Vista and Server 2008, Redmond only rates the problem as "Important" there. The vendor plans to announce the reasons for this extraordinary patch and give details about the hole in a web cast at 1pm PDT, 9pm UK time.
According to the announcement, the hole allows attackers to remotely inject and execute arbitrary code. Microsoft doesn't comment on whether there already is an exploit, but this is usually the case when the vendor acts this way. Updates for vulnerabilities are usually only released on the patch days every second Tuesday of each month.
- Microsoft Security Bulletin Advance Notification for October 2008, Advisory from Microsoft