From the Movable Type web site:
Version 3.15 fixes a vulnerability in the mail sending packages for all Movable Type
versions which allows malicious users to send email through the application to any
number of arbitrary users.
All users should install this update.
This release fixes a nasty bug where a malicious user can (among other things) post a
comment to an MT weblog and cause comment notification e-mails to be sent to any number
of recipients they choose.
As noted above, the bug is present in all versions of MT - all 3.x as well as
2.x versions. To secure your MT installation, you can either 1) upgrade to MT v3.15, or
2) install the newly-released plugin (patch-20050124-mail-spam.pl). The plugin will
correct the vulnerability in MT 3.x installations prior to MT v3.15 as well as MT 2.661
(the plugin has not been tested on MT 2.x versions other than MT 2.661).
Spammers are already exploiting this flaw on MT weblogs, so it is very important to
upgrade to MT v3.15 or install the new plugin as soon as possible.
Special thanks to Six Apart for their quick action on this issue. Total time from
reporting of flaw to release of fix: 48 hours. (I know this because I reported the flaw.)
Considering the flaw was reported on a Saturday night, this was an excellent response
by the Six Apart team!
Update 26 Jan 2005: Total Choice Hosting (TCH) installed
the plugin yesterday on all MT installations across all TCH servers to proactively
protect their customers.