On December 10, 2008 Microsoft published their Security Advisory (961051) stating that there is a vulnerability in Internet Explorer that could allow remote execution. This critical security hole would allow the following scenario to happen: a user visits a hacked site that serves the malicious javascript code that exploits the bug that handles XML within Internet Explorer then it downloads malicious software which infects the user’s system and does whatever it wants (i.e. getting credit cards number, etc.).

Internet Explorer 5.01, 6, 7 and 8 Beta 2 all have this vulnerability, but fortunately Microsoft was quick to act and released a patch yesterday (Security Bulletin MS08-78 ). So do not overlook that little popup on Windows Updates or Windows Security Alerts, it should be installed as soon as possible .