If you haven't hit the Windows Update button yet today, you should.
Microsoft's final batch of patches for 2007 has been released to cover at
least 11 security vulnerabilities that put millions of users at risk of remote
code execution attacks. The December updates includes a "critical" bulletin with
patches for at least four flaws affecting Internet Explorer and a two separate
high-severity bulletins for code execution bugs in Windows Media File Format and
Microsoft DirectX.
The most serious bug addresses in the IE update (MS07-069) could allow
drive-by exploits if a user viewed a specially crafted Web page using an
unpatched browser. It carries code execution risks for most versions of Windows,
including the newer IE 7 on Windows Vista.