Header Ziff Davis Enterprise
Friday, December 12, 2008 11:16 AM/EST

Microsoft Updates Security Advice On IE 0-Day Attack

Microsoft has revised the security advisory it issued earlier this week. Initially it appeared that the vulnerability was only in Internet Explorer 7, but after further analysis it seems that all currently supported versions of IE are affected, including the betas of IE8. However, the attacks that have been observed in the wild so far all target IE7 specifically.

The advisory now adds several new proposed workarounds. The complete list:

  • Set Internet and Local intranet security zone settings to "High"

  • Disable Active Scripting or set IE to prompt for it

  • Enable DEP (only hardware DEP will help)

  • Use ACL to disable OLEDB32.DLL

  • Unregister OLEDB32.DLL

  • Disable Data Binding support in Internet Explorer 8

See the advisory itself for details on these workarounds.

Secunia points out in their blog that setting your Internet and Local Zone security settings to High won't protect completely against the attack, although it will make attacks more difficult because scripting will be disabled.

The Secunia blog adds that making this change, along with the Microsoft suggestions related to OLEDB32.DLL (see Microsoft's advisory for details), should keep your system safe.
