Microsoft Zero Day Cause for Concern

An unpatched buffer overflow vulnerability in an ActiveX control used by Microsoft DirectShow is being actively exploited in-the-wild. A large number of websites in China have been compromised and are being used to distribute the exploit. Malicious ads targeting game sites are also employing the zero day exploit. The exact malware that results depends on the attack vector encountered, but thus far consist of a range of data theft and password-stealing trojans.

According to Shavlik Technology, the problem-causing ActiveX control "doesn’t serve any purpose within Internet Explorer" - which makes it even more alarming that Microsoft has known about the problem for over a year and neglected to fix it.

To workaround the problem while awaiting a patch, Microsoft recommends setting a kill-bit for the offending ActiveX control - a protection method that can lead to application problems and has a not-insignificant failure rate (as in, it may not protect you).

My recommendation: switch to Firefox with NoScript. Now.