Must-Have Security Fixes for IE7, Microsoft Servers

Today's monthly patch batch from Microsoft fixes a critical flaw in Internet Explorer 7 that could allow a malicious Web site to install malware on a vulnerable PC, along with a patch for the Visio diagramming software. And businesses that run a Microsoft Exchange or SQL server will want to apply essential fixes right away.

"can be crafted easily," so be sure you get this one via Windows Update. that there aren't yet any known attacks, but it affects both XP and Vista. But only IE7, interestingly, and not earlier versions of the browser.

You'll also find a fix for a flaw in the Visio software that can allow an attacker to run any command if you open a hacked Visio file. The program is popular among network and server administrators, who typically have far-reaching permissions on their networks, so I wouldn't be at all surprised to see a targeted attack come along that goes after this flaw. Get more info and the patch from

The other two fixes are for servers: Exchange and SQL server. There has been exploit code out there for the SQL server flaw since December, , so if you have a publicly accessible SQL server at your company (via a Web site), schedule an emergency fix to prevent a SQL injection or other attack. Get details at the .

Do the same for your company Exchange server, which could be taken over by a specially crafted TNEF message sent to it by an attacker. No known attacks against this one just yet, according to the ISC, but don't wait for one to show up. This one's