Microsoft released KB2871997 to address the “pass the hash” vulnerability, but according to the following blog post, pass the hash is still possible using the local Administrator account (SID 500):
Yesterday Microsoft released the last patches for Windows XP and Office 2003. No more vulnerabilities will be patched in these products. You can find more information about the latest patches in the security bulletin for April:
Bruce Schneier has written this interesting blog post about how to become a security expert; I think that the concept applies to almost all areas.