Oops! Missed One Fix — Windows Attacks Under Way

CWmike writes "Microsoft says attackers are now exploiting a critical Windows bug that it didn't get around to fixing in its biggest batch of security patches in more than five years, issued yesterday. Microsoft said that 'limited and targeted' attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. If Microsoft patches the WordPad problem on its monthly schedule, the first opportunity for fixing the flaw would be Jan. 9, 2009." Update: 12/10 22:28 GMT by T : OK, there might have been more than one: reader Simon (S2) writes "There is an even more serious flaw ... From SANS: 'There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.'"

Re:Just FYI...

Where can I download Malda's stiff cock?

OT, I know, but not completely

[bytesex]

Fedora 9 also botched an update it seems; since the day before yesterday I keep on getting pop-up messages from the packagekitd: "Update Applet Failed to reset client". And I've done nothing but be a faithful updater. But from the message I can't even begin to fathom whether what it is about is a security risk or not. I figured it might have something to do with yum, so I've run yum update manually. There were some updates, but none that fixed these Very. Annoying. Popups. Fedora Core people, are you listening ?!