As noted in https://iris.eecs.berkeley.edu/news/2005/0811-Microsoft_security_p-363.shtml, Microsoft security patches for August 2005 were released on Aug 9, 2005.
The critical Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 has become a vector for active exploits and administrative compromise of Windows systems. There are active exploits in the wild.
Because of this, it is now assumed that any system that has not been patched for the Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 is compromised.
Both security@EECS.Berkeley.EDU and security@Berkeley.EDU are actively scanning the network for systems that are not patched for MS05-039.
Effective Today 8/22/05. it is now assumed that any Windows 2000 (Home, Professional, or Server) system that has not been patched for the Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 is compromised.
If these scans show any Windows system that is not patched, support for the system will be suspended.
If the system is Windows 2000 (Home, Professional, or Server), it will be required to be re-built from secure media prior to resumption of support.
All other Windows systems will be required to install the patch prior to resumption of support.
UPDATE
[2005-08-29 12:58:37 | Michael Bordua]
As noted in https://iris.eecs.berkeley.edu/news/2005/0811-Microsoft_security_p-363.shtml Microsoft security patches for August 2005 were released Aug. 9, 2005.
The critical Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 has become a vector for active exploits and administrative compromise of Windows systems.
There are active exploits in the wild.
Both security@EECS.Berkeley.EDU and security@Berkeley.EDU are actively scanning the network for systems that are not patched for MS05-039.
Effective Aug. 22, 2005: Notices will be sent to those Windows 2000 systems that are not patched for MS05-039. Network services for these systems will be suspended immediately. Systems should be patched offline prior to Aug. 29, 2005. If they are not patched after that, they will be required to be rebuilt.
NOTE: It is strongly recommended that systems that are not already patched for MS05-039 be rebuilt rather than patched. It is an option that they be patched offline only prior to Aug. 29th, 2005, however if the system is found to be causing problems due to a compromise prior to before MS05-039, then the owner of the system will be held responsible for all costs related to cleanup because of the systems compromise.
Beginning Aug. 29, 2005: It will be assumed that any Windows 2000 (Home, Professional, or Server) system that has not been patched for the Vulnerability in Plug and Play as listed in Microsoft Security Bulletin MS05-039 is compromised and will be required to be rebuilt before assuming EECS network access.