The news of the latest zero-day (or previously unknown and unpatched) exploit for Microsoft’s browser, Internet Explorer 8, being fixed is still fresh. But another has been announced. This one, however, has not been fixed. Even worse, Microsoft’s known about it for 7 months and not only hasn’t come up with a solution, they haven’t said anything except that though the hole remains wide open, they do not know of any attacks using it.
The flaw was made known by the Zero Day Initiative, a site devoted to the responsible and timely announcement of security flaws by the industry. This particular vulnerability allows an attacker to run malicious code against your machine when you visit an infected website with IE8. The easiest way to protect yourself is to set your browsers security settings at the highest level, to block the operations of Active X and Active Scripting.
A list of upcoming, unannounced zero day exploits may be found here.