Microsoft has issued an advisory warning of a 0-day vulnerability in Internet Explorer 6, 7, and 8 that could allow malicious code to be executed on a victim’s computer as soon as they visit a compromised web site. More recent versions of Internet Explorer are not affected.
Symantec describes the means of infection as a “watering hole” attack as it involves exploiting a site the victim is likely to visit.
A temporary fix has been made available until a permanent one can be prepared for Windows Update. While the effect appears to be limited to the United States at present, it would be a good idea to apply the fix if you are still running Internet Explorer 6, 7, or 8. Microsoft has also recommended upgrading Internet Explorer to version 9 or 10, but Windows XP does not support these versions.