In case you missed it, yesterday was "Patch Tuesday," & eleven vulnerabilities were patched during Microsoft's last patching of 2007.

"Of the seven updates, three are rated critical -- the highest ranking Microsoft uses -- while the other four are labeled important, the second-highest category in the company's four-step scoring system."

Didn't take long after the posting of the proof-of-concept code for the actual exploit code to appear in the wild. Think Apple will be working feverishly to get this patch going? I sure hope so...

"The vulnerability, found in the way QuickTime processes RTSP (Real Time Streaming Protocol) replies, can lead to remote attackers hijacking vulnerable systems. This proof of concept code was posted on Nov. 23 by security researcher Krystian Kloskowski."

Firefox's JAR protocol handler flaw is finally getting some attention after nine months on Bugzilla when a security researcher produced a proof-of-concept hack using GMail.

"Attackers can exploit the flaw by uploading any content -- malicious code, for example, or a malformed Office document -- to a Web site, then entice users to that site and its content with a link that includes the jar: protocol. Because the content executes in the security context of the hosting site, if that site (eg., a commercial photo sharing service) is trusted, then the malicious code runs as trusted within the browser too."

IRC-run bot nets are the bane of existence for any help desk monkey; which is why I see this guy as only really creating problems for others like himself. For SHAME!

"From his home and his workplace, Internet telephony firm 3G Communications, between 2005 until early 2006, Schiefer and unidentified co-schemers created a network of compromised computers that they controlled through Internet Relay Chat commands and used the bots to spread malware and to steal PayPal user names and passwords."