From SANS: 'There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.'Easy alternatives to IE are here.
Like I said, get off IE and don't go back. This is only the latest example, and the browser is the vector for 90% of the malware. This is the single most important thing you can do to improve your online security.
By the way, the unpatched vulnerability in Microsoft's Wordpad (also being exploited) applies to all versions of Windows, which probably makes this the most widespread vulnerability of all time.