Users not running Internet Explorer in Protected Mode are at risk of having information, in files with predictable names, accessed by attackers.
The largest group of users at risk are Windows XP users running IE without Protected Mode enabled. Internet Explorer on Vista and Windows 7 has Protected Mode enabled by default.
Though no patch exists at this time, users can protect themselves by simply enabling Protected Mode in Internet Explorer (which may require upgrading to a version of IE that has Protected Mode).
You can find more information on Microsoft Advisories and Bulletins at the SophosLabs vulnerability analysis page.