April 13, 2005

Get ready for the next wave of malware

Yesterday, when Microsoft released MS05-20, which addresses an IE DHTML object memory corruption vulnerability (CAN-2005-0553), I groaned at the thought of the attack vector that this will provide. Only a few hours later, a proof-of-concept exploit had already been released, and it is now floating around in public. It should only be a few days now before we start to see that code turned into something more hostile and malicious.

Result? Get that patching done NOW!

Now, if you are still not heeding my call to run as a non-admin, perhaps this snippet from the advisory will put you in a better frame of mind as to WHY it's so important to reduce your own privileges:

If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

(Boldness added for dramatic effect)

Get the point? Good. So start running as a "Normal Computer User" today.

Posted by SilverStr at April 13, 2005 08:03 AM
Comments

Of course, the "don't use IE" suggestion would apply here as well. Just out of interest, does this affect w2k3 as well? Guess IE had this coming though, Firefox has had a couple of exploits lately, it was IE's turn :)

Posted by: Arcterex at April 18, 2005 02:50 PM