New Microsoft Critical Update

UC Davis is urgently recommending Windows users to install the most recent Critical Update issued by Microsoft on Monday, February 10, 2004. This update (KB828028) removes a vulnerability that could allow an attacker to overwrite a program's code, changing its operation. If left unpatched, the vulnerability could also allow an attacker to gain full access to a system. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts.

This vulnerability affects Windows 2000, Windows Server 2003 and Windows XP. It is highly recommended that users of these systems install the update as soon as possible. To download the critical update now, select your system from the list below:

Windows 2000
Windows Server 2003
Windows XP

For additional information about this vulnerability and the critical update, see the Microsoft Security Bulletin MS04-007.

For Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) users who have installed security update MS03-041, this may be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll or go to the Windows Update page ( and scan for updates. If this file is present, this security update is required. The patch for computers running WindowsNT can be directly downloaded via the Microsoft web site.