I think we will see an exploit materialize either in a test harness or as an actual public exploit within a few days.

This is something that is not inherent in the operating system.

The flaw is fairly significant in terms of its reach.

Once an area of weakness is pinpointed, hackers tend to dig at it. As more eyes turn to that area, more defects are found.

When Microsoft said last week that it would release seven patches, people were holding their breath. You had to figure with that many, the chances were great that there would be a very dangerous vulnerability. But after looking at these, I think we can let out a sigh of relief.

It's hard to say at the moment, since this is just the beginning. But if SANS' report is accurate, I think we'll see additional targeted attacks where spam is sent to users at a specific organization in the hope that someone clicks on the link and downloads the malicious code so the attacker can infiltrate the network.

So while you might think it is coming from cousin Alice, most likely cousin Alice is not going to send you something that says 'Hey look at these pictures with naked people.' So that should be your first clue that a virus is propagating and you'd be well served to call cousin Alice to let her know that she is [unknowingly] sending out this type of e-mail.