“We saw a new nasty exploit yesterday around 5:00 PM. […]
We have a number of sites that we have found with this exploit. Different sites download different spyware. We only had a handful of websites using this new exploit but now we are seeing many more using this to install bad stuff. […]
Folks, I’ve seen it with my own eyes and this is a really bad exploit. Be careful out there.”
Microsoft Security Advisory 912840 discusses a “Vulnerability in Graphics Rendering Engine [which] Could Allow Remote Code Execution.”
F-Secure lists sites you should avoid until the vulnerability is patched.