
ITS Alerts
Proof of Concept code released for UNPATCHED MS Internet Explorer Exploit



ALARM Group ALERT (ALARM: The Computing Alert System)
Alert Number:  112105-01
Alert Date:  11/21/05
Alert Title:  Proof of Concept code released for UNPATCHED MS Internet Explorer Exploit
Update-to:  none
OS/Platform/Application:
Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 1
Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 Service Pack 4
Category:  ALERT
Severity:  HIGH
Attention:  Windows System Administrators, Desktop Support Personnel, Users of above-listed version of MS Internet Explorer

Summary:  On November 21, 2005, several Internet security monitoring resources reported the public release of Proof of Concept (PoC) code that demonstrates a method of exploiting **fully-patched** Windows systems that use the popular Internet Explorer web browser.  Successful exploitation of this flaw (which could be achieved if the victim visits a malicious web site) could allow a remote attacker to take complete control of a vulnerable system.  At the time of writing, NO patch has yet been made available from Microsoft to address the issue.

Recommended Actions:  Suggested workarounds currently include: (1) disabling Active Scripting in Internet Explorer (instruction link provided below); (2) using alternate web browsers until a patch is issued/installed.  System Administrators and support personnel are encouraged to consider these methods (keeping in mind the potential functionality caveats associated with both) and also to frequently check the Microsoft Security Advisory Page (link provided below) and other resources (e.g., ALARM Alerts, see 'ITS Actions' below) for updates to the situation and/or the release of software updates (patches) from the vendor.
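
To confirm that workaround (1) is actually in effect on a desktop, support personnel can audit the per-zone Active Scripting setting; the PowerShell below is an added example, not code from ITS or Microsoft. It assumes the standard Internet Explorer zone layout in the registry (value `1400` under each numbered zone key, where 3 is the Internet zone) and reads only the current user's hive, so zone settings enforced through Group Policy are not reflected.

```powershell
# Added example: report the Active Scripting setting (URL action 1400) for each
# Internet Explorer security zone of the current user.
# Registry data for value "1400": 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneNames  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$StateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$ZonesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-ActiveScriptingState {
    foreach ($zoneId in ($ZoneNames.Keys | Sort-Object)) {
        # A missing key or value means the zone has no explicit per-user setting.
        $item = Get-ItemProperty -Path "$ZonesKey\$zoneId" -Name '1400' -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $state = 'Not set'
        } elseif ($StateNames.ContainsKey([int]$item.'1400')) {
            $state = $StateNames[[int]$item.'1400']
        } else {
            $state = "Unknown ($($item.'1400'))"
        }
        [pscustomobject]@{
            ZoneId            = $zoneId
            Zone              = $ZoneNames[$zoneId]
            ActiveScripting   = $state
            # Only an explicit "Disabled" counts; "Prompt" still lets a user allow scripts.
            WorkaroundApplied = ($state -eq 'Disabled')
        }
    }
}

$report = Get-ActiveScriptingState
$report | Format-Table -AutoSize

# Assumption: the Internet zone (3) is the one that matters for the scenario in
# the Summary, where the victim visits a malicious web site.
$exposed = $report | Where-Object { $_.ZoneId -eq 3 -and -not $_.WorkaroundApplied }
if ($exposed) {
    Write-Warning "Active Scripting is '$($exposed.ActiveScripting)' in the Internet zone; workaround (1) is not in effect for this user."
}
```

Run it in the session of the user whose browser is being checked, since the setting is stored per user.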


ITS Actions:  This situation is currently in the early stages of development.  ALARM will release updates as new information/recommended actions become available.

Resources:

FrSIRT Advisory (describes exploit and workarounds):
http://www.frsirt.com/english/advisories/2005/2509

How to disable Active Scripting in Internet Explorer:
http://support.microsoft.com/kb/q154036/

Microsoft Security Advisories main page (check here for newest patch info):
http://www.microsoft.com/technet/security/advisory/default.mspx

Microsoft Security Bulletins main page (check here for newest patch info):
http://www.microsoft.com/technet/security/current.aspx

 


Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
 