Summary:  Proof of Concept Code has been published for three vulnerabilities addressed in the October Microsoft Security Bulletin.  Proof of Concept code often serves as the basis for exploits that circulate the Internet; the release of such code is therefore considered to be a precursor to new attacks.  The most recently released code addresses bulletins MS05-044, MS05-045, and MS05-048.  Microsoft rates these bulletins in a range between "low" and "important", with the exception of MS05-048 which is deemed as "Critical" for Systems using Windows XP Professional x64 Edition.

Recommended Actions:  Windows system managers and support personnel are strongly encouraged to read these bulletin (including all potential caveats) and (if appropriate) apply these patches AS SOON AS POSSIBLE as per the instructions provided by the vendor if they have not already done so.

ITS Actions:  ITS Systems Management and Operations Staff will apply the patches to the propriate ITS servers as part of the next scheduled system update.

Resources:
Security Bulletin Summary for August 2005:
http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx

Security Bulletin MS05-044 Vulnerability in the Windows FTP Client
Could Allow File Transfer Location Tampering
http://www.microsoft.com/technet/security/bulletin/MS05-044.mspx

Security Bulletin MS05-045 Vulnerability in Network Connection
Manager Could Allow Denial of Service
http://www.microsoft.com/technet/security/bulletin/MS05-045.mspx

Security Bulletin MS05-048  Vulnerability in the Microsoft
Collaboration Data Objects Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS05-048.mspx