Rapid7 warns of a new zero-day exploit for Internet Explorer, which Microsoft has not yet released a patch for.
Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available.
The exploit is affecting about 41 per cent of internet users in North America and 32 per cent world-wide. Published in Rapid7’s Metasploit (https://community.rapid7.com/community/metasploit/blog/2012/09/16/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit), it looks like this exploit may have come from the same place as the recently discovered Java zero-day exploit (http://www.pcr-online.biz/news/read/oracle-s-java-7-contains-flaw-allowing-hackers-to-break-into-computer-systems/029038), as it is run on the same server.
The new and previously unknown exploit can be used to load malicious software on machines running Windows XP, Vista or 7 along with the latest editions of the IE 7, 8 and 9 browser.

http://www.pcr-online.biz/news/read/experts-uncover-new-zero-day-exploit-for-ie-and-warn-users-to-switch-to-chrome-or-firefox/029184