As you are probably aware, Microsoft releases security updates on the second Tuesday of each month. However, this week there is a dangerous security hole in Internet Explorer that they’ve haven’t patched yet. This vulnerability is so severe that users are advised to immediately apply a workaround fix.
This particular flaw lets attackers infect the victim’s computers (running Windows XP or Windows Server 2003) after they’ve clicked on a video link in Internet Explorer. The vulnerability allows attacker to run arbitrary code under the same user rights of the local user. The worst part of it is the fact that this is not some theoretical hole; Microsoft clearly states that they’re already aware of malicious hackers exploiting this vulnerability.
If you’re running Internet Explorer under Windows XP or Windows Server 2003, you should go apply the emergency fix, which can be found at http://support.microsoft.com/kb/972890#FixItForMe, right away. The real patch will likely come in seven days, with Microsoft’s regular security update bundle.
Note that this flaw does not exist on Windows Vista or Windows 7. Additionally, this does not apply to users of the Firefox browser on Windows XP. If you haven’t yet tried out Firefox as an alternative to Internet Explorer, you really should.