Reported 09/15/06 in the Security Alerts page, Microsoft's latest vulnerability is quickly gaining momentum with many malicious sites and hackers crafting code and HTML to exploit vulnerable computers. Currently, even the most patched versions of Windows XP are completely vulnerable to this attack and there is no projected patch until sometime in October.
This new attack targets Internet Explorer and the HTML component in Outlook and can result in a computer being compromised by an attacker. So in theory, visiting a malicious website or opening an email with the malicious HTML code can leave the computer fully compromised.
Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.