The vulnerability went from a theoretical to a real risk last weekend when security folks began seeing Web sites where malware authors were using the exploit to break into fully-patched Windows PCs. The quantity of sites hosting the malicious code now number in the hundreds.
But should you bother loading these third party patches? Surprisingly, analysts at the Internet Storm Center say no: You can thwart the vulnerability by not using Internet Explorer, or, failing that, by turning off Active Scripting support in IE (click Tools, Internet Options; click the Security tab, then the Custom Level button; scroll down to the Active Scripting option, and fill in the radio button next to Disable, and click OK twice).
