As scary as Heartbleed was this past spring, it looks like virtually every Microsoft Windows user is in for a little deja vu. Microsoft just released a critical patch for a huge server vulnerabilityâ€”one that affects quite a few current versions of Windows out there.
As of now, Microsoft isn't aware of anyone actually taking advantage of this vulnerability, which allows "a remote code execution vulnerability... due to the improper processing of specially crafted packets." In other words, if an attacker modified packets in a particular way and attacked your machine, they may be able to execute whatever code they like remotely without an authorized an account. The attack appears to only affect those running a server on affected platforms.
You can head here for a list of every affected Windows machine. If you fall somewhere in that (pretty extensive) list, go get downloading. Because at least according to Microsoft, this patch is the only way to fend off any rogue third parties trying to make use of the vulnerability. So if you use Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8/8.1, Windows Server 2012/2012 R2, or Windows RT/RT 8.1, you can get the patch using either Windows Update or head over to Microsoft's Support site hereand download the patch ASAP. Seriously. Do it. Now.