Microsoft is issuing an out of band security update tomorrow September 28,2010.
My personal suggestion is to avoid any online shopping and online banking for a day or two.
The exploit affects the Microsoft .net service that is used for keeping information on a Web server secure.
The SAN’s internet storm center sums up Microsoft’s advisory this way:
Translated, this means that the vulnerability undermines basic web application security.
While there probably be updates for all Windows computers, the real problem is on a Web server that is used for any type of financial account.
It is very easy for an attacker to access all the information on the server even if it is encrypted. Until these servers are patched, they have no real security.
SAN’s for the 2nd time in two years has issued a Yellow Threat level.
There are apparently live attacks occurring on servers right now and Microsoft has released some of the updates already to be downloaded, but most servers cannot patch until it is fully release tomorrow.
This affects only Windows Web servers.
The service is present on most Windows computers and will require an update too. The service is not normally used on personal computers and is not normally active and vulnerable to this exploit. Your personal computer is most likely safe till it is updated.
Websites that are not hosted on Windows servers are safe.
Which ones do and which ones don’t is the problem. Therefore, I suggest if you have any online shopping to do, wait for a few days till the servers can be patched. Do not do any online banking or financial transactions.
Viewing websites will be just fine as long as you are not giving any kind of account information. Google and Yahoo should be safe.