Dear Valued Microsoft Customer,
We are contacting you today to make you aware that we have released Microsoft Security Bulletin MS03-039 today, September 10, 2003. This bulletin details three critical vulnerabilities in the Windows operating system and provides instructions for applying the corresponding patch. While there is currently no active exploit of this vulnerability, if successfully exploited, these vulnerabilities would allow an attacker to gain control of the target system.
We strongly encourage you to obtain and deploy this patch to any affected system that connects to your network; this includes systems on your local area network and remote or mobile systems. For the most current information on affected systems and recommended remediation steps, please read the bulletin posted at:
http://www.microsoft.com/technet/security/bulletin/ms03-039.asp
We understand the potential effect this situation and the recommended remediation steps may have on you. Microsoft is committed to providing you with information and tools to help run your enterprise safely and reliably on an on-going basis. When we become aware of vulnerabilities, it is our goal to quickly share protection and remediation information and work in partnership with you to eliminate these kinds of threats to your business. In order to help protect your computing environment from security vulnerabilities, we strongly encourage you to visit
http://www.microsoft.com/technet/security/protect and implement the following three steps in your enterprise:
1. Verify firewall configuration. Audit Internet and intranet firewalls to ensure they comply with your security policy; these are your first line of defense. In addition, evaluate using host-level firewalls such as the Internet Connection Firewall in Windows XP. This is especially important for systems such as laptops and home PCs that connect to your network remotely.
2. Stay up-to-date. Use update services from Microsoft to keep your systems up-to-date.
· Automatic Updates, available on Windows XP, Windows 2000 SP3 and SP4, and Windows Server 2003. Automatic Updates works with the Windows Update Web site to automate the process of updating Windows systems.
· Software Update Services (SUS), a patch-distribution server available for download from our Web site. SUS enables you deploy a server in your business that Automatic Updates clients will use to get only approved and tested patches.
In addition to using these update services, we strongly recommend that you subscribe to Microsoft?s free security notification service at
http://www.microsoft.com/securitynotification, so that you are proactively kept aware of new security issues.
3. Use and keep antivirus software up-to-date. Antivirus software programs will help protect your systems against many viruses, worms, Trojan horses, and other malicious code. To protect your systems from new viruses, it?s also important to obtain up-to-date antivirus signatures through a subscription service from the antivirus software vendor. You should not let remote users or laptops connect to your network unless they have up-to-date antivirus software installed. In addition, consider using antivirus software in multiple points of your computer infrastructure, such as on edge Web proxy systems, as well as on email servers and gateways.
You should also protect your network by requiring employees to take the same three steps with home and laptop PCs they use to remotely connect to your enterprise, and by encouraging them to talk with friends and family to do the same with their PCs. To make this easier, we have set up a new Web site to assist PC users at
http://www.microsoft.com/protect.
Again, we want to encourage you to read this security bulletin and deploy the patch to your systems. We want to thank you for your patience and work with you to protect your business from these kinds of security threats.
Thank you,
Microsoft Corporation
Facebook
Twitter