Microsoft Security Patch Shown to Be NecessaryCNET
If you skipped Microsoft's first security patch of 2008, a new demonstration of its vulnerability should spur you to action.The security firm Immunity has released a working version of a TCP/IP exploit that would affect unpatched Windows XP and Vista systems. The company didn't release the exploit into the wild -- they provided it to their clients for use in testing their systems vulnerability. Still, the existence of the exploit proves its workability and increases the attraction for malicious distribution of a similar attack. A successful attacker could, according to Microsoft, "install programs; view, change, delete data; or create new accounts with full user rights" on an affected system.
You need to be registered with Immunity to get details of the exploit, but you can view a video about it. The latest Microsoft patch is available here.CNET