Microsoft Patch Tuesday fixes clippy flaw

Oh noes! It looks like some hackers have taken beloved oft-maligned Office helper Clippy hostage and are forcing him to perform nefarious deeds. Today's monthly round of "Patch Tuesday" patches includes but one "critical" fix: a patch for a URL-spoof that can be used to take over a Window's user's system via the Clippy Microsoft Agent (provided that the user is running a version of Office older than 2007). "This one is critical, and it's like a browser fix: You surf to an evil website and you'll get hacked," said Eric Schultze, chief security architect at Shavlik Technologies. Also on tap for this month:

• MS07-054: An "important" bulletin that includes patches for a code execution hole affecting MSN Messenger and Windows Live Messenger.
• MS07-052: Fixes an "important" remote code execution issue in Crystal Reports for Visual Studio.
• MS07-053: Fixes an "important" flaw that could allow an attacker to gain an elevation of privileges in Windows Services for UNIX. 

You know the drill: head on over to Microsoft's website, download the fixes and patch like it's going out of style.

For more on the latest patches:
- see this eWeek article
- and this ZDnet blog post