grack.com

Slashdot is mentioning a new exploit that affects SP2 only.  It’s basically another “remote command execution” letting anyone run anything on your system.  No mention of it on blogs.msdn.com or Scoble’s weblog.

The sad thing is that those using XP SP1 aren’t affected.  It’s only those who are up-to-date with their patches.

One year ago I was showing people Firefox to see how nice the browsing experience was.  Six months ago I started pointing out how IE was fundamentally flawed and how Firefox is more secure overall, but let people make the final choice to switch on their own.  Now, I think I’ll be actively recommending that people still using IE switch over.  Might be time to discuss installing a user-agent filtering transparent web proxy at the office too.