Foundstone Research Labs has discovered a critical flaw in Microsoft Data Access Components (MDAC) and that could be used to spread viruses and worms similar to what Code Red and Nimda have done in the past. This flaw (Buffer Overrun) in MDAC could allow the execution of code through systems running Microsoft Internet Information Server (IIS) with MDAC or running Microsoft Internet Explorer 5.01, 5.5, or 6.0 on any version of Windows other than XP.

Microsoft has given the flaw a critical rating and highly suggest that patches be applied to all systems that are subject to the flaw.

For additional information and to download a patch go to: