There's an unpatched Internet Explorer 6, 7, and 8 vulnerability in the wild. Drive-by exploitation could allow remote code execution. Reports are that Metasploit already has a module available. There's a concise write-up at SANS Diary, and Microsoft's Security Response Center has more extensive details.
If you're visiting with family over the holiday weekend, and somebody's received a new computer from Santa, and they don't use IE by default, then why not try out Windows 7's turn off Internet Explorer option?
If you don't use it, lose it.
We at F-Secure Labs wish you have a safe and happy holiday weekend.
Here in Helsinki, it's a white Christmas (and a cold -21�C/-6�F).
