Extremely critical vulnerability in IE

The attacks are in full swing.

Microsoft came in yesterday with two security updates to its software, but just as important is the message that it has been found a very serious vulnerability in Internet Explorer that is already exploited by attackers in targeted attacks.
According to Microsoft, this vulnerability affects only Internet Explorer 6 and 7, while both older and newer versions seem to be untouched.

The vulnerability is due to an invalid pointer reference that is used by Internet Explorer. It is possible under certain conditions to access the invalid after an object has been deleted. Attackers who are trying to access the released object can achieve to get Internet Explorer to allow the remote execution of arbitrary code.

Microsoft comes with several tips to help users of the affected IE versions can protect themselves from attack, until a security fix has been released. The upgrade to Internet Explorer 8 is the advice given.
The two Security updates that Microsoft came up with yesterday, removing the seven vulnerabilities in the company's Excel-products and a vulnerability in Windows Movie Maker, which comes with Windows XP and newer.
Several of the vulnerabilities allows execution of arbitrary code, which allows the security company Secunia deems the Excel update as highly critical. Microsoft believes that the update is only "important", not "critical".