A zero-day (unpatched) vulnerability in Microsoft’s Internet Explorer is being exploited in the wild, the company warned in an advisory issued today.On the same day it issued software fixes as part of its Patch Tuesday schedule, Microsoft released a pre-patch advisory to warn of the risk of remote code execution attacks against users of IE 6 and IE 7.
From the advisory:
Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.
The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
follow Ryan Naraine on twitter Microsoft said it was aware of targeted attacks attempting to use this vulnerability. No other details on the attacks were offered.
The company made it clear that the newest version of the browser – Internet Explorer 8 — was not affected by this vulnerability.
The simple solution is to update to IE8 or use one of the non IE Browsers. 
Hi bob3160,
Yes, bob3160, that is the best advice.
By the way read the MS warning: http://www.microsoft.com/technet/security/advisory/981374.mspx
polonus
Hi malware fighters,
As the POC was irresponsibly published as a ready to use malcode, we will soon see a lot of drive-by-downloads, situation critical. The code was made by an Israeli researcher and been put out as exploit code, and this can be found now at the Topix21century domain. Re: http://www.symantec.com/connect/blogs/backdoorsykipot-work
Do not venture out there with IE6 or IE7 or you could get immediately infected. As said above Norton Safe Web gives a warning for the site.
Re: http://www.computerworld.com/s/article/9168838/Hackers_exploit_latest_IE_zero_day_with_drive_by_attacks
Link: http://www.vupen.com/english/advisories/2010/0567 &
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_SHELLCODE.CD
Best thing to do is upgrade to IE8 or downgrade to IE5.
It is well posiible that MS because of the threat will have to come out with an out of band patch again,
polonus
It is well posiible that MS because of the threat will have to come out with an out of band patch again,Polonus, The patch has been available for quite some time. It's called [b]Internet Explorer 8[/b]