The latest vulnerability could allow bad guys to feed any file to users of Yahoo Messenger, according to an e-mail alert from nCircle Network Security. This is the ninth zero-day exploit to target Yahoo's chat client this year, according to nCircle, and it leaves users vulnerable to Trojan horses and other malware. Yahoo hadn't released word of a patch at press time, but researchers believe that running Internet Explorer 7 with default security settings will likely protect you from this bug.

Yahoo did correct an earlier problem that would have allowed a complicated, two-stage attack through an ActiveX control that's part of Messenger. The exploit is difficult for hackers to pull off--meaning that it's less of a danger for you--but if you have a version of Messenger from before August 29, you should still update by going to the company's Security Updates page. 

Microsoft patched MSN Messenger and Windows Live Messenger in response to an attack that enters through a fake invitation to view someone else's Webcam. If your curiosity gets the better of you and you accept the invitation, the attacker could then do anything that you can on your machine. You are safe if you run MSN Messenger 7.0.0820 or Windows Live Messenger 8.1; otherwise, download the patch through Automatic Updates or Microsoft's Security Bulletin.

Zero-Day in Windows XP

Jonathan Sarba of GoodFellas Security Research Team revealed a flaw in a pair of files in Windows XP's system code that could allow a hacker to take total control of your computer. PCs running HP All-in-One Series Web Release software/driver installer version 2.1.0 and HP Photo & Imaging Gallery version 1.1 are particularly vulnerable to the attack because they use the portions of Windows that the attack exploits. Microsoft says that it's investigating the warning, but the software giant has yet to release a patch. Until one exists, be careful, especially if you run either piece of HP software.