Internet Explorer - Really, you should just stop using it. If you absolutely must, your next best option is to disable ActiveX entirely; the new exploit targets an ActiveX Control, and is the second one in a month. As The Register puts it, Swiss Cheese browser gains another hole:
Actually, that's a bit unfair to Swiss cheese ...
The timing of the advisory, a day before Microsoft's monthly Patch Tuesday update, suggests it's highly unlikely that a fix will become available until August at the earliest.
Monday's advisory adds to the list of pending Internet Explorer vulnerabilities, most notably an unpatched flaw in Microsoft Video ActiveX Control that has become the target of widespread exploitation since earlier this month. The flaw is particularly serious because Internet Explorer users can get hit simply by straying onto a hacker-controlled website, providing they are running Windows XP. Vista, as with the latest ActiveX bug, is far less susceptible.
IE users need to go to Tools -> Internet Options. Select the "Security" tab, and then click "Custom level". Make sure the following under "ActiveX Controls and Plugins" are disabled:
- Allow previously unused ActiveX Controls to run without prompting
- Allow scriptlets
- Download unsigned ActiveX Controls
- Download signed ActiveX Controls (this is the biggie, and is almost certainly enabled by default)
- Initialize and script ActiveX Controls not marked safe for scripting
- Run ActiveX Controls and plug-ins (this is the other biggie)
- Script ActiveX Controls marked safe for scripting (the third biggie)
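The same checklist can be audited from a script. This is an added example, not part of the original post. It assumes the Internet zone is zone 3 under the current user's Internet Settings key, that the numeric action IDs are the ones Microsoft documents for IE security zones, and that PowerShell 3.0 or later is available.

```powershell
# Added example: audit (and with -Apply, set) the seven ActiveX settings
# listed above for the current user's Internet zone.
# Assumptions: zone 3 = Internet zone; value 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)

$zone    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$disable = 3

# Action ID -> label as shown in the "Custom level" dialog
$actions = [ordered]@{
    '1208' = 'Allow previously unused ActiveX Controls to run without prompting'
    '1209' = 'Allow scriptlets'
    '1004' = 'Download unsigned ActiveX Controls'
    '1001' = 'Download signed ActiveX Controls'
    '1201' = 'Initialize and script ActiveX Controls not marked safe for scripting'
    '1200' = 'Run ActiveX Controls and plug-ins'
    '1405' = 'Script ActiveX Controls marked safe for scripting'
}
$stateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if ($Apply -and -not (Test-Path $zone)) {
    New-Item -Path $zone -Force | Out-Null
}

$report = foreach ($id in $actions.Keys) {
    # A missing value yields $null rather than an error
    $current = (Get-ItemProperty -Path $zone -Name $id -ErrorAction SilentlyContinue).$id
    if ($Apply -and $current -ne $disable) {
        Set-ItemProperty -Path $zone -Name $id -Value $disable -Type DWord
        $current = (Get-ItemProperty -Path $zone -Name $id).$id
    }
    $state = if ($null -eq $current) { 'not set' }
             elseif ($stateName.ContainsKey([int]$current)) { $stateName[[int]$current] }
             else { "unknown ($current)" }
    [pscustomobject]@{
        Id      = $id
        Setting = $actions[$id]
        State   = $state
        Ok      = ($current -eq $disable)
    }
}

$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'One or more ActiveX settings are not disabled. Re-run with -Apply to fix.'
    exit 1
}
```

Run it without arguments to report only. On machines managed by Group Policy, policy-set zone values take precedence over these per-user values.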
Firefox - If you switch from Internet Explorer, make sure to go to Firefox 3.0, not 3.5, because there's an attack targeting some code that's new in 3.5. Important: if you are running Firefox 3.0.x, you're fine; the exploit will not work against you. If you're running 3.5, you are vulnerable.
Brian Krebs at Security Fix has instructions for protecting your Firefox 3.5:
Brian Krebs has an information-rich post about the Internet Explorer vulnerability; seems it's being exploited by hundreds of compromised web sites that are serving up malware to pwn you longtime. I can't emphasize too strongly that you are probably not securable if you run Internet Explorer. If you haven't already, just switch to Firefox. Really.