Microsoft has released a new security bulletin which details three critical vulnerabilities in the Windows operating system. While there are currently no active exploits, the potential exists for an attacker to gain control of the target system. The last time a vulnerability of this nature was discovered, it was only 24 days until the appearance of the Blaster worm. Microsoft urges users of Windows XP, Windows NT 4.0, Windows 2000, and Windows Server 2003 to read Security Bulletin MS03-039 and install this critical security patch immediately. There are links directly to the patches for the vulnerable operating systems at Microsoft's website. Look under the heading "Patch Availability". If you are not sure about your operating system you can have Microsoft assess which patches you need at http://windowsupdate.microsoft.com. You can read more news about this vulnerability at http://www.msnbc.com.

Sobig.f pummeled email servers worldwide with attempts to propagate itself. According to many experts, the code contained an expiration date of September 10, 2003. If history is any guide, it will not be long until Sobig.G is launched. As always, please be wary of ANY email attachments. When Sobig.F was launched, Symantec and other virus protection companies were able to develop a virus definition within a few hours. There will always be a gap between the discovery of a new email born virus and a definition designed to identify it.

At Dnet we scan all email for viruses and we update our virus definitions daily. We also subscribe to a variety of exploit notification services such as CERT, VirusEye, and of course Microsoft. When any notification service informs us of a new virus in the wild, we begin immediately checking for the availability of a virus definition update. As soon as an update is available we will manually update our scanners with the new definition rather than waiting for the regularly scheduled daily update.