Microsoft has posted a new security bulletin describing a critical flaw in Internet Explorer that -- wait for it -- could allow a remote attacker to execute arbitrary commands on a compromised computer. The flaw affects all supported versions of IE and occurs because of "the creation of uninitialized memory during a CSS function within Internet Explorer."
Vista and Windows 7 users are at less risk than those on XP because of their OS's Protected Mode, which would limit the attacker's access rights. Microsoft suggests using EMET (Enhanced Mitigation Experience Toolkit) to protect all Internet Explorer processes -- but it's a tool designed for admins, not the average home user.
While there's no timetable given for an official fix, Microsoft has already begun working with security providers to ensure that additional protection can be delivered via definition updates. They also, of course, recommend running all Windows Updates, making sure your firewall is turned on, and having a good, up-to-date antimalware program installed.