WordPad and Internet Explorer are both going to see an increase as vectors for attack.  A new exploit, that requires you to have XP SP2 or earlier and to open an attachment should be coming your way soon.  Make sure to avoid any files with a .wri extension, as that is a way being used to circumvent Word from opening the file.  The exploit is only in a specific function of WordPad. 

Also, IE7 (on XP and up) a brand new and widely available script can give a remote attacker the same privileges as whoever is using the PC when it is attacked.  This vulnerability usually arrives via SQL injection.  Check out Slashdot for more information.

“Microsoft says attackers are now exploiting a critical Windows bug that it didn’t get around to fixing in its biggest batch of security patches in more than five years, issued yesterday. Microsoft said that ‘limited and targeted’ attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. If Microsoft patches the WordPad problem on its monthly schedule, the first opportunity for fixing the flaw would be Jan. 9, 2009.”

“There is an even more serious flaw … From SANS: ‘There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.”

Here is some more Tech News from around the web:

Tech Talk