Zero-day means there's no fix.
Thousands of websites have been hit by fast-moving exploit code that installs a cocktail of nasty malware on visitors' computers by targeting a previously unknown vulnerability in some versions of Internet Explorer.
The compromised websites link to a series of servers that exploit a zero-day vulnerability in an IE component that processes media. The vulnerability affects those using the XP and 2003 versions of Windows, Microsoft warned in this advisory.
This is only the latest example of why you shouldn't use Internet Explorer. If you haven't done so already, here's why you should switch to Firefox:
1. The Firefox developers are much, much faster at getting fixes out - typically days, rather than weeks. Microsoft updates IE once a month, on Patch Tuesday. Firefox releases fixes when they are needed.
2. You get new fixes much faster with Firefox. IE fixes come out via Windows Update; do you know if yours is configured to run correctly? To run at all? Firefox, on the other hand, automatically checks for security fixes, and tells you when it's downloaded one.
3. ActiveX is an Abomination unto the Lord, at least from a security perspective. ActiveX lets your browser load executable code from someone who's not Microsoft. If there's a bug in this code, a fix doesn't come out on Patch Tuesday. Worse, if you've checked the box that says "Always trust content signed by FooCorp", Internet Explorer won't even tell you when it's loading potentially buggy code.
How cool is ActiveX? This cool:
What isn't in dispute is that IE 7 on Vista is not vulnerable, presumably because ActiveX objects are blocked by default, according to this blog entry from McAfee researchers Haowei Ren and Geok Meng Ong.
Sheesh. So you should go get Firefox right now, unless you don't care if you get pwned.
And don't forget the 2 Simple Rules for Safer Browsing.