URGENT: Time To Patch Again

Microsoft has released Security Bulletin MS03-039. There are three vulnerabilities covered in this Security Bulletin. Two of them could enable an attacker to take control of a vulnerable system and execute anything they wish. The third could result in a denial-of-service. This patch would be rated Critical anyway, but the urgency is increased because these vulnerabilities are with the RPC protocol discussed in Security Bulletin MS03-026. The MSBlast worm and all of its variants exploited this vulnerability and wreaked havoc on the Internet just a few weeks ago. Experts fear that a virus or worm exploiting this new vulnerability will come even faster because it will only take a minor revision of the MSBlast worm. For more details you can see this article on silicon.com: New Windows virus outbreak just a matter of days. Windows 98 is no longer officially supported so Microsoft does not test it for vulnerabilities or release patches for that platform, however Microsoft states that Windows ME, which is very close to the design of Windows 98, is not vulnerable. Microsoft has also released a scanning tool which administrators can use to find machines which are not patched against the MS03-026 or MS03-039 vulnerabilities. You can get information about the tool and download it here: Microsoft Knowledge Base Article - 827363.