This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.This has been exploited for a month or so. I haven't posted much on it, because there really wasn't much you could do. Now there's a patch, so you'll want to get patching. Or switch to Firefox, which is a lot faster to get fixes out.
Thursday, January 28, 2010
IMPORTANT: Microsoft Internet Explorer emergency patch available
It's very unusual for Microsoft to release a patch out-of-cycle (i.e. not on Patch Tuesday). This is for all versions of Internet Explorer, even IE8, so if you still run IE run-don't-walk to Microsoft for some security goodness.