Microsoft has been notified of a vulnerability in Internet Explorer that could potentially allow a successful attacker to attain remote control of a pc.

Microsoft released a TechNet article on July 6th notifying IT Professionals of this vulnerability affecting only Windows XP and Windows Server 2003.  According to Microsoft, the flaw does NOT affect Windows Vista and Server 2008.  The article can be found here:  http://www.microsoft.com/technet/security/advisory/972890.mspx

According to the article:
"Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability. "

It is currently rumored that thousands of websites have been compromised already to put code on them to load into a visitor's computer without their knowledge.

Microsoft does not have a fix for the vulnerability as of yet, but they post a workaround in their Knowledge Base to set kill bits in front of known areas vulnerable to the attack.  Please note that this is NOT a fix, but a road block until Microsoft can code a patch.  The knowledge base article for the workaround is here:  http://support.microsoft.com/kb/972890#FixItForMe

Keep your Antivirus up to date... and look for Windows updates in the days to come to patch the hole.

Update:  Microsoft released a patch for this vulnerability on July 14th.  Keep your Windows installation up to date!