Microsoft has released a patch that reportedly eliminates a
critical security vulnerability in some versions of Microsoft
If exploited, the vulnerability would allow a hacker to gain
complete control over a remote computer. This would give the
attacker the ability to take any action on the computer they
desired - including changing web pages, reformatting the hard
drive, or adding new users to the local administrators group.
Microsoft says the vulnerability is present in the following
versions of Windows: Microsoft Windows NT 4.0, Microsoft Windows NT
4.0 Terminal Services Edition, Microsoft Windows 2000, Microsoft
Windows XP, and Microsoft Windows Server 2003. Microsoft Windows
Millennium Edition is not believed to be affected.
Further details of the vulnerability and how businesses can
patch against it can be found at www.microsoft.com/security/bulletins/200309_windows.mspx.
Microsoft has also published step-by-step instructions for home users on how to
help protect their computers with critical updates.
"Loopholes are found in products on a weekly basis, some
significant, some trivial," said Graham Cluley, senior technology
consultant at Sophos. "IT managers should keep abreast of these
loopholes and apply patches where appropriate before viruses and
hackers come along to exploit them."
Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp.
Other vendors offer similar services.