
New Microsoft Vulnerabilities, get patches now

  • 15-09-2003 7:44pm
    #1
    Registered Users Posts: 15,946 ✭✭✭✭


    OK, I'm sure any of you tech people will have these vulnerabilities well covered, but just in case people don't:

    1: Microsoft Windows DCERPC DCOM Heap Overflow Vulnerability

    This is a similar vulnerability to the one that the Blast/Lovesan worms took advantage of. At the moment there is no known worm that takes advantage of the vulnerability but IT experts reckon a new worm is less than a week away. Also the Blaster and Lovesan worms could potentially be altered to exploit the vulnerability.

    Microsoft has released a patch (MS03-039) to protect operating systems from being exploited.

    2: Microsoft Visual Basic For Applications Document Handling Buffer Overrun Vulnerability

    This vulnerability affects the following applications: Office 97, 2000, and XP; Word 98 (J); Visio® 2000 and 2002; Project 2000 and 2002; and some other non-Sunlife standard applications.

    There are no known exploitations for this vulnerability. If one is created it will come in the form of a .VBS attachment via email. When the user launches the attachment, the VBS file will allow a remote user access to the computer.

    Microsoft has issued patches (MS03-037) for this vulnerability. PCI and rollout are almost ready to send these out. The rollout will be in three phases. The first patch will be for all Office 2000 users. This is scheduled for later this week.
    The 2nd patch will be for Office 97 users (old Sunlife PCs), and the 3rd patch is for Project 2000. The 2nd and 3rd patches are not scheduled yet. They are waiting for the first rollout to be completed and will then send the 2nd and 3rd. A Knowlix solution will be provided closer to the rollout.

    Zip file attached has detailed info on both; the latter one is in PDF format.

