Last week we reported that Microsoft was issuing fixes on its 'Patch Tuesday' for vulnerabilities in Windows and Office, but a permanent fix for the latest bug in older versions of Internet Explorer – a so-called zero-day exploit – was not included. This potentially left users of Internet Explorer 6, 7, and 8 vulnerable to attackers gaining control of Windows computers to host malicious websites.
Therefore, we recommend that if you use Internet Explorer in pre-Version 9, make the update as soon as you're prompted, as Microsoft deem the vulnerability as 'critical' … in other words: "Critical: a vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing to a web page or opening email."