The flaw is new enough that Microsoft says they aren't aware of anyone being compromised by the attack, even though proof of concept code has apparently been around for over a month. Interestingly, even Microsoft's newest browser, IE 8 beta 1, which was made available earlier this year, is also vulnerable.
Microsoft is now in an interesting position. Once IE8 becomes final and people begin adopting it, they'll be left with a very substantial userbase that is composed of IE6, IE7 and IE8 users. It seems they will be stuck with supporting the older browsers, and maintaining three branches of IE at once can't be an easy chore, even for Microsoft.