I sure that many of you are aware that later on today Microsoft will be releasing a patch for a zero-day security hole in Windows based operating systems that can be accessed by specially crafted .ANI files.

I subscribe to several security RSS feeds including and

This morning when I checked the RSS feeds I was surprised to see that Microsoft's had not been updated. When I checked the website three news updates had been posted but the RSS feed itself had not been updated.

This vulnerability is easily the most critical zero day since Microsoft moved to monthly patching. The fact that an out of band patch is due to be released today only enforces that and therefore its insane that they haven't done any quality checking on something as simple as the RSS feed for Security Response Centers blog! I hope this is not a sign of the surprise with which Microsoft has been caught out.

Microsoft's security response center blog