All versions of IE Are Vulnerable
The Zero-day XML vulnerabilities once reported to only be affecting IE7 targets are now prompting warning from Microsoft to its customers across all supported versions of its Internet Explorer Web Browser.
http://www.microsoft.com/technet/security/advisory/961051.mspx
Workaround centers on setting Internet security settings to high and disabling the Ole32db.dll via ACL - not an end user-friendly operation. Apparently the noted attacks have predominantly been noted against IE7 and on Chinese sites. It exploits the way IE handles XML. The exploit could potentially be used to access several types of sensitive data, however thus far it is only reported to be stealing passwords for computer games.
There are reports that Microsoft is considering fixing the flaw through an emergency software patch outside of the standard “Patch Tuesday”.
Now is a good time to give Google Chrome a try.