Microsoft Warns Software Users of 'Critical' Flaw:
"The company called the software flaw a "critical" vulnerability, its highest rating. It is the second major security flaw announced this month by Microsoft, which recently began issuing regularly scheduled security patches for its software. "We urge all of our customers to apply this update," said Stephen Toulouse, a security program manager with Microsoft's security response center.

The flaw, one of three announced yesterday by Microsoft, affects a fundamental building block of network operating systems known as Abstract Syntax Notation One, and helps govern how machines communicate with one another and how they establish secure communications. Microsoft's version of that protocol is flawed, and could be used to gain control of the target machine. The company said there was no evidence that any attacks based on the flaw had occurred.… "

For now, Mr. Cooper said, computer users are probably safe because the flaw "is not exactly a simple one" to take advantage of, and no attack that would exploit the flaw had appeared on the hacker sites where such code is freely circulated. But once such an attack method is created, he said he expected to see a malicious program that could circulate via e-mail messaging and which would have as profound an effect on computer networks as the widespread "Blaster" worm of last year.…

http://www.nytimes.com/2004/02/11/technology/11worm.html