Latest software vulnerability met with annoyance but little surprise

Microsoft Corp.’s disclosure Tuesday of a sweeping new software vulnerability was met with annoyance but little surprise by U.K. users who were some of the first to wake up to yet another day of patching Wednesday.

The vulnerability appears in a Windows component called ASN.1 library, which affects a wide array of Windows software and features on both the desktop and server sides. Microsoft rated the flaw “critical” and computer security experts warned it was one of the most serious vulnerabilities discovered in the company’s software to date. Hackers could potentially raid users’ systems, accessing and changing data, Microsoft said.

Microsoft released a patch Tuesday, urging users to download it as soon as possible. Robert Lyall, who heads up the IT department at London-based Investor Relations magazine, expressed his frustration Wednesday at the day of patch work that lay ahead.

“The end-user doesn’t want to be bothered with this kind of thing every couple of days, and one guy applying patches to 40 machines takes a bit of time!” Lyall said.

Lyall also looks after the magazine’s design department and said that he sees people “looking at the Macs enviously, since they don’t have these problems.” Lyall was not alone in his frustration as both Microsoft business and home users reported that they had begun to patch.

A London representative for business-to-business delivery company TNT Express, which recently signed an agreement with Microsoft to deploy thousands of Windows Mobile-based devices with back-end Windows systems, said Wednesday that its IT staff was busy downloading patches.

So was Shaun Megson, a Microsoft home user from Derbyshire, U.K., who said that he took the flaw seriously enough to download the patch after hearing about it on the local news.

Surrey, U.K.-based Paul Bournat, another Microsoft home user, said that he also began his day by applying the security patch.

“Most of these flaws seem to really be of concern to small business and home users,” Bournat said, speculating that larger businesses would have sufficient additional security. However, he added that most home users he encounters “don’t really understand what a patch is or why they need it.”

Media coverage of the security hole was widespread Wednesday, but not all the information was complete or accurate. Lyall said that he first heard of the vulnerability when he read about it in the free Metro daily. Metro’s front page story screams “Windows is struck by worst ever bug” in 120-point font.

Sherief Hammad, director of Next Generation Security Software Ltd. (NGSS), warned that the hole was “quite a big flaw … that could affect main channels of business and communication.”

“ASN.1 coding in itself is a huge beast so it would be very easy to code in flaws accidentally,” he said. Although there have been no reports of the hole being exploited yet, Hammad said that exploit code could be on the Net somewhere within a week and a half.

“There are some very, very astute hackers who bring up the initial exploit and then people tack their bug onto it,” he said.

Microsoft representatives in the U.K. said that there had been no reported problems with downloading the patch, adding that “tens of thousands” already had. The new hole is just the latest in a string of high-profile security threats targeting the software maker, such as the Mydoom-B and Blaster viruses, and users appear a bit fed up.

“Imagine if you bought a car and then found that by tapping a certain body panel in a certain way you trip the central locking and thieves could get in? Would you buy one? Would you take it back if you had?” Bournat queried.

For Lyall, at least, the answer is clear.

“I’m starting to farm out lots of the tasks to Linux/Unix/Mac-based machines which either don’t have the security issues or need simpler, less frequent updates,” he said.