More in detail, the vulnerability is caused by a hole in the Server Service. Using a custom crafted RPC-call, an attacker could execute code without any authentication. All current supported platforms are affected, but mostly Windows 2000, XP and 2003 are the most vulnerable. For Vista and server 2008 the bug is marked ‘Important’, as on these platforms there is already a double-check through the much debated UAC option.

However it needs to be noted that even without patching, you can successfully protect a computer against the attack by properly using the firewall, or of course turning off the file-sharing option.

The striking fact is that usually Microsoft doesn’t like to deviate from their normal patch cycle. In fact, this has only happened 3 times before according to the Washington Post. So when the Redmond boys do, it usually means the hole is already being used to break into machines.

I’d recommend to everyone to update their Windows machines as soon as possible, either by using Windows Update, or by visiting the Microsoft Update website.

However, for those who run the WoW.exe (which is the actual game-executable) directly, this download has not happened yet. And a big download it is, for TBC-players, roughly about 1.6 GB, for Classic players about 2.6 GB.

To ease the update process a bit, I have made the updates for the TBC-players available online at this site. Just follow this link, and you’ll find a zip file which contains the whole 1.6 GB updates. If you’ve already downloaded one or more files and don’t need the complete zip, you also find the extracted version there, which you can browse and download only the files you need.

Enjoy, have fun and maybe see you in Azeroth .

Update: Patch files are no longer available through this site… Please use the normal built-in Bittorrent client to acquire them.