The same flaw we heard about earlier this week is now thought to be more servere than initial estimates. Microsoft has issued a statement over the flaw saying it is a serious issue that has no fix yet, and that merely visiting a website on an updated Windows machine can still result in the machine being exploited. We don't have an ETA from Microsoft as to when a patch will be made available, though provided you don't go looking for malicious sites to begin with it is unlikely you will be compromised. The exploit is now being used to install software rather than just infect the machine, and is being exploited via e-mail as well. Hopefully a patch will arrive soon.