MySQL is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the database server to crash, denying service to legitimate users.

These issues affect versions prior to MySQL 5.0.52, MySQL 5.1.23, and MySQL 6.0.4.

To exploit these issues, attackers can use standard database client software in conjunction with standard operating system utilities.

Solution:
The vendor released updates to address these issues. Please see the references for more information.
Note that MySQL 6.0.4 and 5.1.23 have not been released yet.

I am sure most of you by now know there is a LKM (Loadable Kernel Module) exploit that is nasty and hard as heck to clean.

Read this thread at Webhosting Talk. Make sure you read it through as there is a users there that has investigated several boxes.

The original story first broke a week or so ago at TheRegister and then again a couple days ago at TheChannelRegister.

Now it seems this problem is not easily fixable yet it is very easy for your server to be infected if you are targeted.

Here is where Windows comes into this. The injected javascript looks for exploit, some already patched and one that is new. If you run any of the vulnerable software on your home computer you could be exploited and not even know it.
The vulnerable lie in these components and software

MSIE ADODB

VML

MSIE WebViewFolderIcon

MSIE RealPlayer

QuickTime

AOL Superbuddy

The first 4 are directly related to IE and were patched a while ago. Although patched some people don’t keep up so they’ll get infected.
I’m not familiar with AOL SuperBuddy so I don’t know if it is patched.

The QuickTime exploit is new as of Jan. 10TH and the alert was revised today, Jan 18TH. and affects the QuickTime Updater as well as Qucktime.

In conclusion if you have a server check the sites on it for inclusion of random javascript. Read the article or thread at WHT so you’ll know what to look for. If you’re on a shared host make sure your site isn’t serving the js.

For people using IE, I’m not sure if Firefox will make you vulnerable and from what I’ve read no one knows, make sure you either shutoff javascript or make sure all exploits are fixed. Uninstall Quicktime and QuickTime Updater. If you have it installed and make sure QuickTime is patched with the patched with the newest versions.

I hope no one that reads this is exploited.