Microsoft has released patches which close a number of critical vulnerabilities in Microsoft Office Web Components 2000 and separately, Internet Explorer. These vulnerabilities can allow a remote attacker, by use of an email message or web page, to run programs, alter and/or access data, or wipe the hard drive on a target system. Any system with Microsoft Office 2000/XP is vulnerable and should have the patch applied. Other Microsoft software, including some server software is also affected, for more information please see the following: http://www.microsoft.com/technet/security/bulletin/MS02-044.asp It is recommended that users install the patches using the "Office Products Updates" site: http://office.microsoft.com/productupdates/ Also, patches were released yesterday to close critical vulnerabilities in Internet Explorer. These are available through the "Windows Update" site. http://windowsupdate.microsoft.com/ For direct access to the cumulative patch: http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp Finally, for those using Microsoft Outlook, these vulnerabilities would be partially mitigated if the Outlook Email Security Update was installed: http://office.microsoft.com/Downloads/2000/Out2ksec.aspx -- Chris Russel | Manager Information Security [log in to unmask] | York University, Toronto, Canada