Tuesday, July 7, 2009

New critical vulnerability in Internet Explorer

You'd think that the world's largest and richest software company could write software that doesn't currently need patching for "critical flaws"? Wrong. There is even an event called "Microsoft Tuesday" when they release the month's new batch of patches. But they've excelled themselves this time: Microsoft has taken the rare step of warning about a serious security flaw it hasn't fixed yet.

The vulnerability affects Internet Explorer users whose computers run Windows XP or Windows Server 2003. It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected, just visit a website that's been hacked. Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability affects a part of the software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into. Microsoft urges vulnerable users to disable the problematic part of its software, which can be done from Microsoft's website, while the company works on a "patch" - or software fix - for the problem.

On the subject of browsers, I should note that Firefox has just released version 3.5, which has some important new features, and is supposed to load faster.
