Buffer Overflows in NT
Via the NT Bugtraq list comes these two excellent articles about discovering and exploiting buffer overflows in NT. The first, by dark spyrit, shows how he located an overflow inf SLMail and demonstrates how to use that to start an interactive console session listening on any port. He also provides an excellent tutorial on patching overflows in binary files if you can't wait for the official vendor patch.
The second is The Tao of Windows Buffer Overflow by DilDog and is a tutorial of the fundamentals of understanding how buffer overflows occur and why you should be concerned.