Ok, for all M$ users, here's January's bulletins hot off the M$ presses...and a day before their webcast (hmmm). Be sure to note another MDAC buffer overflow!

Vulnerability in Microsoft Internet Security and Acceleration Server 2000
H.323 Filter Could Allow Remote Code Execution (816458)
http://www.microsoft.com/technet/tre...n/MS04-001.asp

Who should read this document: Customers who use Microsoft® Internet Security and Acceleration Server 2000

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should install the security update immediately

Update Replacement: None

Caveats: None

Affected Software:

Microsoft Internet Security and Acceleration Server 2000 - Download the update
Microsoft Small Business Server 2000 (which includes Microsoft Internet Security and Acceleration Server 2000) – Download the Update
Microsoft Small Business Server 2003 (which includes Microsoft Internet Security and Acceleration Server 2000) – Download the Update
Non Affected Software:

Microsoft Proxy Server 2.0
Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation
(832759)
http://www.microsoft.com/technet/tre...n/MS04-002.asp

Who should read this document: System administrators who have servers that are running Microsoft® Outlook® Web Access for Microsoft Exchange Server 2003

Impact of vulnerability: Elevation of Privilege

Maximum Severity Rating: Moderate

Recommendation: System administrators should install this security update on all front-end servers that are running Outlook Web Access for Exchange Server 2003. Microsoft also recommends installing this security update on all other Exchange 2003 servers so that they will be protected if they are later designated as front end servers.

Security Update Replacement: None

Caveats: Apply the update when a disruption in OWA and Simple Mail Transfer Protocol (SMTP) mail flow and other Internet Information Services (IIS) applications is acceptable.

Affected Software:

Microsoft Exchange Server 2003 - Download the Update
Non Affected Software:

Microsoft Exchange 2000 Server
Microsoft Exchange Server 5.5
Buffer Overrun in MDAC Function Could Allow Code Execution (832483)
http://www.microsoft.com/technet/tre...n/MS04-003.asp

Who should read this document: Customers who are using Microsoft® Windows®

Impact of vulnerability: Remote code execution

Maximum Severity Rating: Important

Recommendation: Customers should install this security update at their earliest opportunity.

Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-033.

Caveats: None

Affected Software:

Microsoft Data Access Components 2.5 (included with Microsoft Windows 2000)
Microsoft Data Access Components 2.6 (included with Microsoft SQL Server 2000)
Microsoft Data Access Components 2.7 (included with Microsoft Windows XP)
Microsoft Data Access Components 2.8 (included with Microsoft Windows Server 2003)
Note The same update applies to all these versions of MDAC - Download the Update

Microsoft Data Access Components 2.8 (included with Windows Server 2003 64-Bit Edition) - Download the Update