Earlier this month, Microsoft reported that various versions of Windows were vulnerable to an Internet Group Management Protocol (IGMP) flaw that could allow for hackers to remotely execute code on unprotected systems. Missing from the list of affected Windows versions, however, was Windows Home Server (WHS) and Small Business Server (SBS). This week, Microsoft corrected that mistake, noting that WHS and SBS are affected by the flaw and are potentially even more at risk than certain desktop Windows versions.
"Supported editions of Windows Small Business Server 2003 and Windows Home Server contain the same affected code as Windows Server 2003," a notice about the flaw now reads. "Windows Small Business Server and Windows Home Server configurations have IGMP enabled by default and will result in a greater exposure to the same vulnerability. Therefore, while Windows Server 2003 is rated as having a severity rating of Important, Windows Small Business Server 2003 and Windows Home Server merit a severity rating of Critical."
Microsoft now provides a downloadable security update for SBS and WHS to correct this issue, which affects SBS 2003 with Service Pack 1 (SP1), SBS 2003 R2, SBS 2003 R2 SP2, and WHS. This update is available via Windows Update and directly from the Microsoft Web site.