What is it?

A vulnerability in the Windows Server service on Windows 2000, XP and 2003 allows remote attackers to take control of the system. It has already been exploited by malware authors, prompting the US Department of Homeland Security to issue a warning on its website.

How does it work?

A buffer overrun can be used to execute malicious code on a target machine. Botnet authors have been using it to install trojan backdoors on systems to expand their networks, but it could easily be used for a network worm.

Should I be worried?

This is a dangerous vulnerability that was already known before Microsoft issued the bulletin (MS06-040) and patch in August. Although no exploit code was publicly available before the patch, malware followed almost immediately. All versions of Windows are vulnerable and can be exploited over the commonly used ports 139 and 445 (used for SMB).

What can I do about it?

Microsoft has issued a patch you should install as soon as possible after expedited testing. On critical machines, or those that cannot be patched, blocking ports 139 and 445 will prevent remote exploit.Use a scanning tool like Microsoft's MBSA to identify vulnerable systems on your network.