http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS 03-049.asp From Eweek Larry Seltzer: Security Update No New Vulnerabilities, But Definitely Time To Patch! Even though Microsoft announced recently that no new security bulletins <http://eletters.eweek.com/zd1/cts?d=79-362-5-8-69236-43245-1> are scheduled for December, other news has emerged that makes it urgent for you to re-check the status of your systems and make sure that certain patches are applied. This goes double for systems on the Internet periphery of your network. Researchers at Core Security Technologies have discovered a new way to launch a previously disclosed attack on Windows <http://eletters.eweek.com/zd1/cts?d=79-362-5-8-69236-43248-1>. The new attack is fast and remotely-based, so the potential is there to attack large numbers of systems quickly. Microsoft had listed in their security bulletin several potential workarounds that could protect users even without the security patch, but the Core findings circumvent these workarounds. The only safe way to proceed is to apply the patch. The vulnerability, a buffer overflow in the Windows Workstation service, is particularly serious because it can be invoked over the network without the user performing any action to permit the attack. It also appears that the technique discovered by Core could serve to circumvent similar workaround procedures for other Windows vulnerabilities. But if you have applied the patch for this vulnerability <http://eletters.eweek.com/zd1/cts?d=79-362-5-8-69236-43251-1>, released about a month ago, you are protected from this attack. Time to get moving and update those systems. You've been warned. ******************************************************** This Weeks Sponsor SeamlessPlanet.com Register your domain name for as low as $7.75 per year! Cheaper than Godaddy..same great service! http://SeamlessPlanet.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm