As a reminder of how important it is to keep up with software and security updates, exploit code has been released that demonstrates the potential for a (currently patched) flaw to result in system compromise. The flaw, affecting the Remote Access Connection Manager service, was fixed this month as part of the standard security rollouts Microsoft offers. The published proof of concept
code that can cause the compromise affects Windows 2000, XP and Server 2003, but the machines most at risk would be Windows 2000 Professional and Windows 2000 Server. Sadly, those are the two operating systems least likely to be up to date in most corporations.
Secunia classifies these threats as “highly critical”, and given that a large amount of servers in the world run Windows 2000, it's important to keep them updated. Many IT admins will delay patching a machine to verify that a given patch will be compatible with their systems. A good practice, but one that can unfortunately leave a machine vulnerable longer than it has to be. The security bulletin is available on Technet