By
Philip Churchill on October 24th, 2008
Microsoft has released an emergency security update that fixes a critical security hole that is already being exploited in the wild. It fixes a remote code execution vulnerability in the Windows Server Service, which affects WHS as well as other operating systems including XP and Vista.
This is the first time in 18 months that Microsoft has released an emergency security update "out of band" (not on the regular Patch Tuesday).
On Windows 2000, XP, Server 2003 and Windows Home Server anonymous users with access to the target network could exploit the weakness by sending a specially crafted network packet to the affected system. Microsoft has rated the vulnerability as "critical" – its most severe designation – for those versions.
The MS patch will be installed automatically via Windows/Microsoft Update on WHS. If you have Windows Update turned off, then due to the serious nature of the vulnerability install the new MS patch manually without hesitation.
Be aware that this update requires a restart of Windows Home Server.
More information is available here, here and here.