Over the past years we've heard tons of stories, seen about a zillion patches and updates for all kinds of programs and there have always been exploits around. However, there usually was quite some time in between the date the problem became known and the date exploits (other than POC) were found and used.
In the last year we've seen this timeframe diminish to sometimes as little as a couple of days, and more and more "zero-day" exploits are being reported. If you ask me, it's due to the fact that in order to keep their lucrative business running, malware authors need to exploit everything they can. While each day new and unprotected computers become available for infection and abuse, an ever-growing number gets fixed, secured and patched as well. This leaves the abusers a smaller number of "easy targets" and in order to compete and deliver what they are paid for, they resort to more aggressive tactics.
Now... how does that affect you? It's very simple: if you're not part of the solution, you're part of the problem. This means that it's gonna be a necessity - it even is one today - to be aware of exploits, patches and available updates, even if you're just a user, Joe Average.
How? By signing up (for free) for some low volume security related newsletters, by browsing specialized sites and becoming aware of the fact that security is no longer a matter for specialists alone. You can find some links below, those are a good start I'd say.
Oh, if you wonder why I post this right now, here's the answer: 0-day exploit for Winamp.
Note: While Windows XP SP2 hasn't been giving me any trouble so far, tuning the new firewall I installed (not the one included in SP2) seems to be a pain in the ass. Well, better a pain in the ass than a firewall with holes in it by default. I'm punching holes right now, to get everything allowed that needs access.
Update 2004-08-27: according to discussions in the Winamp forums, Winamp 5.05 (or 5.04x, depending on whether or not other functionality/fixes are included) should be released soon. Another noteworthy point is that IE is not the only thing that might be a mitigating factor for infection, nor is it necessary to have Winamp running to possibly be infected.