Attack code for critical Microsoft bug surfaces
Just hours after Microsoft posted details of a critical Windows bug, new attack code that exploits the flaw has surfaced. It took developers of the Immunity security testing tool two hours to write their exploit, after Microsoft released a patch for the issue Thursday morning. IDG News Service, 10/23/2008.

Also:

Data-Stealing Trojan Exploiting Just-Patched Windows Flaw
Microsoft says Windows flaw could bring worm attack
Microsoft advisory: Vulnerability in Server Service Could Allow Remote Code Execution
**********

FreeBSD patches IPv6 issue
A vulnerability in FreeBSD's Neighbor Discovery protocol, part of its IPv6 implementation, could be exploited by an attacker to update router configurations without authorization. An update is available.
**********

Debian releases fix for libspf2 flaw
Dan Kaminski, the guy who figured out the major flaw in DNS this past summer, has found a buffer overflow vulnerability in libspf2, an implemenation of the Sender Policy Framework that is used by mail servers to filter for Spam and other bad messages. An attacker could exploit the flaw to run malicious code. An update is available.
**********

Two new updates from Ubuntu:

Moodle (code execution)
Amarok (race condition, file overwrite)

Jason Meserve is multimedia editor at Network World.