From Techworld
Malicious code that exploits a new hole in MSN Messenger has been published on the Internet. Security experts have warned it could soon result in a worm or virus. The code attacks a vulnerability in Messenger’s “libpng” component which is used to display PNG image and icon files. More than one example of code to exploit the hole is now available on the Internet, along with directions on how to use it to attack vulnerable Messenger applications. The code can cause Messenger to crash, or allow a remote attacker to run code on vulnerable Windows machines, according to a Vulnerability Alert released by Symantec.
On Tuesday, Microsoft released a critical patch, MS05-009, that fixed several holes in libpng for the PNG hole. Please, please run Windows Update now!