The security update – MS10-025 – was originally issued April 13 as part of Microsoft's regular Patch Tuesday updates. The vulnerability, which affects Windows Media Services on Windows 2000 Servers, can be exploited to execute remote code. Microsoft revoked the update because it does not protect users from this vulnerability. Microsoft said it is targeting a re-release of the update next week.
“You will need to reapply this bulletin to any machine that you have already patched in your April Patch Tuesday cycle,” Jason Miller, data and security team manager at patch and configuration management vendor Shavlik Technologies, said in a statement to SCMagazineUS.com on Thursday.
Microsoft said it is not currently aware of any attacks seeking to exploit the issue. In addition, the bulletin itself applies to a very small number of targets in a typical organization, Miller said.
Microsoft has posted workarounds on the bulletin page to help mitigate the risk of this vulnerability.
“Customers should review the bulletin for mitigations and workarounds and those with internet-facing systems with Windows Media Services installed should evaluate and use firewall best practices to limit their overall exposure,” the Microsoft Security Response Center said in a blog post.