Microsoft has taken the rare step of warning about a serious security flaw in Internet Explorer running under windows XP and Windows Server 2003.  Windows Vista and Windows Server 2008 are not affected by this vulnerability.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

There is no patch available for this vulnerability at present from Microsoft.  The workaround that they suggest is to disable ActiveX controls in Internet Explorer.  Unfortunately disabling ActiveX could have a large impact on business critical websites.

If you require more information on this vulnerability, you can read the official Microsoft webpage at http://www.microsoft.com/technet/security/advisory/972890.mspx or call Computer Concepts on 03-348-2500.