Hopefully everyone has seen this, but if not:

Windows Small Business Server at risk from critical flaw

Microsoft initially omitted Small Business Server from its list of critically affected OSes, but is now offering patches via its automatic update services

In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows' networking software.

The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product's users were being offered patches via Microsoft's various automatic update services. "Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure," Microsoft said in its updated bulletin.

The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft said that an attacker could send specially crafted packets to a victim's machine, which could then allow the attacker to run unauthorized code on a system.

Windows Small Business Server at risk from critical flaw | InfoWorld | News | 2008-01-24 | By Robert McMillan, IDG News Service

ttfn

David