Microsoft's security centre has confirmed that a patch for the already-exploited DNS server bug in Windows will be among the seven updates scheduled to release next Tuesday.
In a posting on the Microsoft Security Response Centre (MSRC) blog, program manager Christopher Budd vouched for the patch. "The listing of updates slated for Tuesday does include the update we've been working on," Budd said.
His comments were posted after Microsoft announced that it would be releasing seven updates next week.
As recently as a week ago, Budd has said that while his group was making progress on a fix for the DNS vulnerability, he stopped short of guaranteeing a May 8 delivery. "We are increasingly confident that we will have an update," he said then, "[but] this could change."
The bug, first acknowledged by Microsoft three weeks ago, has been exploited by attackers, who have used it to assault Windows 2000 Server and Windows Server 2003 systems. Outside researchers predicted then that Microsoft would issue an out-of-cycle fix for the flaw, but the company, which blogged repeatedly about the issue, maintained that it needed the time to test the patch and argued that actual attacks remained sporadic.
Budd also warned server administrators who have applied Microsoft's temporary defensive workarounds that Tuesday's patch will not automatically undo those changes. "You should include a plan to undo the workarounds you implemented during your deployment," he said. Instructions on how to reverse the workarounds are in the current security advisory.
Tuesday's security update fixing the DNS bug will require administrators to reboot the server, Budd noted.