Microsoft today issued an emergency patch for a severe security hole in all supported versions of Windows Server which allows attackers to create administrator accounts and gain full access to systems. Due to the severity of the flaw, Microsoft was forced to depart from its usual Patch Tuesday pattern of releasing security updates to push out the out-of-band patch.
The company urged Windows users to immediately install the patch, warning the vulnerability was already being exploited.
The update addresses the MS14-068 hole in the Windows Kerberos KBC component, which authenticates computers on a local network. While less troublesome for home users, the bug is rated critical for server versions of Windows, posing a serious threat to businesses running any of the supported versions.