Another exploit is loose in Windows land; this one is for XP and 2003 server and there is no patch yet from Microsoft. It’s got to do with the parsing of WMF files, which apparently are Windows Meta Files (pictures etc). More info from the Washington Post. Am I glad I don’t use Windows…
The article refers to Metasploit, an interesting exploit/payload framework that can be used for security testing. The most interesting thing for me though is that the next version of the framework (currently in alpha) is written in (50,000 lines of) Ruby!