Friday, December 24, 2004
Three new Windows vulnerabilities while everyone's on vacation
The bad news is that they're serious, Microsoft hasn't patched them yet, and the people who discovered them published "demonstration" programs to show exactly how to take over a Windows machine. Bad guys will start exploiting these problems quickly.
The good news is that two of the three have no effect on a Windows XP Service Pack 2 system. XP SP2 is only vulnerable to the fourth attack, which involves a booby-trapped help file. Don't open .HLP files from strangers until Microsoft releases a fix. The other good news is that all the news reports about "four" vulnerabilities are wrong. The discoverer listed the same thing twice on their web page.
If you're on an older Windows installation, you'll have a harder time avoiding the problems. One of them crashes your computer if you look at an animated cursor the attacker created. A more serious one can take over your computer if you look at a web page or email containing an icon, cursor, or bitmap image created by the attacker.
The only defense I can think of is to check your email and surf the web from an account that isn't an Administrator and which doesn't contain any important data. My recommended solution is to turn off your computer and enjoy the holidays.