The older security bulletin, MS02-040 was first posted July 31, 2002, and it addressed what Microsoft originally believed was a flaw in a SQL Server command. Microsoft recently determined that the flaw is in a Windows component and that all versions of Windows except for Windows Server 2003 are vulnerable to this critical problem. In the worse case, the vulnerability could allow an attacker to take control of a system.
The revised bulletin can be found at www.microsoft.com/technet/security/bulletin/MS02-040.asp.
Microsoft also issued a brand new bulletin on the issue for Windows users, under the bulletin number www.microsoft.com/technet/security/bulletin/MS03-033.asp.
Microsoft's other bulletin revision on Wednesday updated a July 23 bulletin that fixed a critical flaw in DirectX that could allow an attacker to execute code on a user's system. The new bulletin extends the fix to additional versions of DirectX.
The DirectX bulletin is available at www.microsoft.com/technet/security/bulletin/MS03-030.asp.
About the Author
Scott Bekker is editor in chief of Redmond Channel Partner magazine.