Microsoft has released its monthly security bulletin for January 2009 to address critical vulnerabilities in Microsoft Server Message Block (SMB) Protocol. We strongly suggest applying the patches provided by Microsoft for these vulnerabilities.

Microsoft Security Bulletin MS09-001 - Critical
Vulnerabilities in SMB Could Allow Remote Code Execution
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Microsoft has already addressed this vulnerability with a patch. The patch and additional information are available here.

Note: This vulnerability should not cause a Web filtering concern, since the SMB protocol is used locally for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.

References: Microsoft Security Bulletin Summary for January 2009