New exploit blows by fully patched Windows XP systems

“We saw a new nasty exploit yesterday around 5:00 PM. […]

We have a number of sites that we have found with this exploit. Different sites download different spyware. We only had a handful of websites using this new exploit but now we are seeing many more using this to install bad stuff. […]

Folks, I’ve seen it with my own eyes and this is a really bad exploit. Be careful out there.”

Sunbelt Blog via BlogsNow

Microsoft Security Advisory 912840 discusses a “Vulnerability in Graphics Rendering Engine [which] Could Allow Remote Code Execution.”

F-Secure lists sites you should avoid until the vulnerability is patched.