This week, the FBI's National Infrastructure Protection Center (NIPC) released an advisory discussing recent hacker penetrations of US e-commerce and e-banking systems. The advisory noted that more than 40 companies in 20 states have been attacked, and in some cases proprietary information including customer databases and credit card information has been stolen. In many cases, the hackers entered the systems via machines that had not been patched against known vulnerabilities.

Microsoft shares the FBI’s and NIPC’s concern regarding these attacks, and strongly urges customers to stay current on security patches. Microsoft is committed to providing customers with detailed information about vulnerabilities and how to protect against them. We have recently changed our security bulletin format to provide better, clearer information about vulnerabilities and the risk they pose, and we are delivering tools that will help customers ensure that their systems are up to date. However, only our customers can install the patches on their systems.

A handful of known vulnerabilities account for the vast majority of attacks against systems running Microsoft products. We recommend that all customers immediately review the following security bulletins and ensure that they have taken the appropriate actions.