One of the nice things about open source software, they are honest about the problems with the software.

Something you don't get with closed source software, they have a commercial interest to protect the brand.

People have been complaining about flash for years. DO IT.

Or like me you could run Opera on linux in a virtual machine. .oO (but that's a bit sad) 

Correct.

If I may, and this should probably go without saying, the user, no matter what browser they use still needs to be intelligent about searching the web, just don't click on buttons so you can get to the next page. 

No amount of 'secure' software can protect your computer from, sorry for this, the user being dumb. 

Exactly, Philly.  The I-d10-T  error can be fatal.

This is true. Which is why I 86'd Flash. Buh bye!

Amen, brother!

While true, a person can become victimized innocently. I do caution care in browsing and opening emails from people you don't know, but errors happen and even large, respectable websites can fall prey as well as a regular person browsing for information.

Antiviral software and firewalls won't protect until someone works out a patch for this problem.

I advise reading the MS Security Advisory.

If IE were not at the top of the food chain it would not be attacked as much. Most other browsers also get attacked that is why we have updates.

Update

Microsoft has confirmed that a zero-day vulnerability exists in Windows XP, Vista, as well as Server 2003 and Server 2008. The bug, which first emerged in mid-December 2010, has evolved since the exploit was posted publicly.

The bug was first discussed on December 15 at a security conference in South Korea. Since no one had yet exploited the vulnerability, there was not significant cause for concern. That's changed now that researcher Joshua Drake has released an exploit module via open-source penetration testing project, Metasploit.

Exploit Opens Door to Total System Takeover

Metasploit has stated that the exploit can be used to compromise virtually any Windows PC. Hackers could then install malware which would then ransack and extract critical personal data, including addresses, phone numbers, and credit card information.

Reports also suggest a hacker could use the exploit to create a new Windows user account for themselves on the host PC, cutting off a system's rightful owner. (Source: crn.com)

Windows Flaw Infects Windows Thumbnails

The flaw is related to the way Windows' graphics rendering engine handles thumbnail images. It can be exploited if a targeted user views folders containing specially designed and malicious thumbnails via Windows Explorer.

"Attackers could feed users malicious PowerPoint or Word documents containing a malformed thumbnail, then exploit their PCs if the document was opened or even previewed. Alternately, hackers could hijack machines by convincing users to view a rigged thumbnail on a network shared folder or drive, or in an online WebDAV file-sharing folder," said Microsoft (Source: computerworld.com)

Windows 7, Server 2008 R2 Not Affected

In response to the threat, Microsoft has issued a security advisory noting the affected operating systems. All operating systems including Windows XP, Server 2003 / 2008, and Vista are affected by the exploit. Windows 7 and Windows Server 2008 R2 are not affected.

"This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said in the advisory. (Source: computerworld.com)

The Redmond-based firm also noted that it does not currently plan to release an "out-of-band" (or unscheduled) emergency patch for the flaw. While it's true that an exploit method now exists and is publicly available, Microsoft still cites the fact that no one has yet used it for an attack.

So in their infinitely warped wisdom Microstuff will wait until someone's system, be it XP or Vista, is seriously compromised or worse before they'll put a stop to it. WTG Mr. Gates.  

No, Uvah. Windows 7 is apparently OK, for other MS OS's there is EMET 2.0 to patch until they (MAPP) can produce a patch.

I have weened almost all my non-technical friends and family off of IE.  I am pushing Firefox.  While I have not had the problems Daiwa mentioned all the time, I have seen it on occasion (the stutter step).  I also have Safari (eh, a browser) and Chrome (Definitely not the fastest).  I will have to check out Opera.

These types of alerts (although I missed this one due to Christmas) are excellent!  Please keep them up.

Thanks Doc. I know W7 is Ok but I know of some who run both XP and Vista and they could benefit from this info. I've been passing it along.

Uvah, that's the ticket! If you email them, use the link to WC...who knows who might get interested!

Dr Guy: I plan to do just that.

Makes me just want to run out and buy more stuff from Microsoft.  Mooooo.