As planned, Microsoft on Tuesday released an out-of-band patch to repair a vulnerability in the web application framework. Bulletin MS10-070, rated "important" but carrying Microsoft's highest exploitability risk, plugs a hole that is present in all supported versions of Windows. The bug involves a weakness in the way the technology implements encryption that could allow an attacker to tamper with and potentially steal sensitive data. Administrators should only rush to patch those machines running a web server with installed, said Wolfgang Kandek, CTO of vulnerability management firm Qualys. — DK