As Chet mentioned yesterday Microsoft are going to release an out-of-band patch for the IE zero-day vulnerability used in the “Aurora” hacks. Today Microsoft have confirmed that the patch will be released on January 21.
Microsoft’s announcement :
Although the initial exploits seen in the wild for this vulnerability target IE 6 and Windows XP, security researchers (and cybercriminals too) have been hard at work extending the reach of the exploits to newer versions of both IE and Windows.
As with any security patch, our advice is to apply it as soon as you can.