The advisory was originally released last Wednesday, and described the vulnerability that affected the Windows Media Services component of the Microsoft IIS Web-server as moderate.
It was re-released on Friday. It upgraded the threat rating to "Important".
"On May 28th, Microsoft released the initial version of this bulletin, rating the severity of the vulnerability as Moderate. Subsequent to that release we have determined that the actions an attacker could take as a result of exploiting this vulnerability could include the ability to execute arbitrary code," it said. "As a result, Microsoft has reissued this bulletin and changed the severity rating to Important".
Although the security advisory was updated, the original patch for the software remains unchanged.
"The original patch corrects the vulnerability and is not being re-released," the updated advisory says.
This came at a bad time for Microsoft, which was forced to pull a patch offline after it caused serious problems for Windows XP users who installed it.
The only bad time I've ever seen for micro$oft was when they have been forced to admit the truth. Such as on the witness stand when billy gates testified to the fact that the windoze os as published by m$ could never be secure due to the architecture of the underlying kernel messaging system.
Why is anyone who installs an m$ patch surprised that it breaks other "features" of said operating system? That is a known fact also.
For those of you who use windoze products, you get what you pay (an outrageous price) for: poorly written software without any guarentee of operating as defined in the eula...
Pete