Critical vulnerability exploited in Internet Explorer 6, 7 and 8 -- but IE9 beta is safe!
The exploit, HTML_BADEY.A, uses the vulnerability to remotely execute code. By visiting a compromised website, encrypted files are downloaded to your computer and then decrypted to become a Trojan backdoor. Little is known about what happens after that -- this might just be a proof of concept, or it might be the beginnings of a new botnet.
For administrators, the Microsoft Security Advisory for the vulnerability suggests some ways to mitigate the risk of using Internet Explorer 6, 7 and 8 until a fix is released. Alternatively, use Internet Explorer 9 -- or any other browser!