As you certainly know, Internet attacks often attempt to install porn-popping adware by exploiting the more dangerous types of bugs.
Last October I told you about one such problem in Internet Explorer involving Vector Markup Language, a rarely used, Microsoft-only Internet graphics format. Criminals launched multiple attacks exploiting the hole before Microsoft released a patch. And now, a second, very similar VML flaw is under fire.
Like its predecessor, this bug allows an attacker to take control of--or download porn-popping adware to--a PC running Windows XP Service Pack 2 or Windows 2000 SP 4 if the victim simply views a poisoned image within IE. Both IE 6 and 7 are affected, but IE 7 in Windows Vista is not.
You can obtain the patch through Automatic Updates, or you can download it from Microsoft TechNet.
Office Fixes
Microsoft also patched critical security holes in Excel and in Outlook (Outlook Express is not affected). Both vulnerabilities are rated "critical" for the Office 2000 versions of the programs, but are downgraded to "important" (the second-highest severity rating on Microsoft's scale) for Office XP and 2003. The Excel holes are present in Works Suite 2004 and 2005, too. As usual, either flaw can be exploited if you open a tainted file (.oss for Outlook or .xls for Excel) as an attachment or Web download.
Again, if you have Automatic Updates turned on, you should be protected. If not, get the Excel patches, and grab the Outlook patch, from Microsoft. At press time no attacks against these holes were yet circulating.