*** UPDATE 17/12/08 8:54 ***
A patch update has now been released by Microsoft – you can download it from here.
This has been quite widely covered by the media and various sites over the last week but I thought it worth adding to the blog just in case anyone had missed it. Basically, there is currently a vulnerability in all editions of Internet Explorer that potentially allows hackers to infect vulnerable computers with malware. This IE vulnerability comes from the way the browser handles DHTML Data Bindings.
Compromised web sites are being used to exploit this vulnerability and include everything from a popular search engine in Taiwan through to the usual suspects, porn sites, etc. Trend Micro are estimating that there are about 10,000 infected sites out in the wild.
In the meantime there are some steps you can take that will help you protect your PC(s). These steps include setting the Internet security zone to ‘High’ and disabling XML Island functionality. Though in many cases setting the Internet security zone to ‘High’ for your users could potentially open up a whole new can of worms for some. Check out the ‘Workarounds’ section on Microsoft’s Security Advisory link below.