We've decided to go back to green on the Snort Back Orifice pre-processor buffer overflow vulnerability. The reason for ratcheting down to green is primarily this: if you haven't shut off the Back Orifice preprocessor by now or come up with another work around, you probably aren't going to in the near future. This is still a hugely important issue, but our infocon status is designed to reflect changes in the threat level. So, we're back at green, but reserve the right to go to Yellow or higher if a worm starts to spread using this vulnerability. From our internal deliberations, such a worm would be highly problematic. BTW, as Kyle Haugsness pointed out last night in this article, HD Moore has recently released some piece-parts of a sploit for this flaw in Metasploit. We're very close to full exploitation, so shut off that darn preprocessor ASAP. Also, check with your vendors if you suspect your commercial product may have Snort code in it. Several IDS and IPS tools do, so watch out!