It's happened again. Crackers recently began exploiting a newly revealed major security bug in Internet Explorer before Microsoft could issue a patch. These so-called zero-day exploits--where less than a day passes between the revelation of a vulnerability and attacks against it--are becoming more frequent. And that's bad news for us all. Security research firm Secunia found this hole, which affects virtually all versions of IE, from 5.01 through 6 Service Pack 2. Beta previews of IE 7 that predate March 20, 2006 (build 5335.5 or later) are vulnerable as well.
Two security companies have released their own temporary workaround patches, but analysts recommend using either Microsoft's workaround or an alternate browser such as Firefox or Opera. Microsoft also warns against using third-party patches.
For additional details, see Microsoft's advisory. When it is ready, the patch will be at Microsoft Security Bulletin MS06-013. Of course, all of these problems will be solved by this time next year when Microsoft releases Windows Vista. Right?