Microsoft Insecurity

Submitted by jbreland on Wed, 08/06/2003 - 18:33

Most readers should hopefully be aware of the severe RPC vulnerability announced a couple of weeks ago that affects all versions of Windows NT, 2000, XP, and 2003. The U.S. Department of Homeland Security just released a second advisory about the flaw, urging users to install the appropriate patch ASAP. More details can be found here, and the patch itself (along with technical details) can be found here.

A new vulnerability in IE has also been reported. According to this article, "Notepad popup windows can be displayed from an HTML email message or Web page regardless of browser security settings. In addition, Notepad popups can access files on a hard disk, possibly causing stability problems in a Windows system." A follow-up post on Bugtraq points out that this IE flaw also affects many other MIME types and protocols. For now, the only fix is to switch to another browser.