Microsoft released an updated advisory to warn that the underlying flaw affects much more than IE 7 and to spread the word about additional workarounds that can help limit the damage from actual attacks.
Here's how to protect yourself in the interim:
[ SEE: Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks ]
* Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.
* Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
* Enable DEP for Internet Explorer 7.
(NOTE: Some browser extensions may not be compatible with DEP and may exit unexpectedly. If this occurs, you can disable the add-on or revert the DEP setting using the Internet Control Panel. The setting is also accessible through the System Control Panel.)
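To confirm that the zone workarounds above actually took effect on a machine, the following read-only PowerShell audit reports the ActiveX and Active Scripting actions for the Internet and Local intranet zones. It is an added example, not taken from Microsoft's advisory; it uses the documented zone numbers (1, 3) and URL action values (1200, 1400), and the lookup order across policy and preference keys is a simplifying assumption.

```powershell
# Read-only audit of the two zone settings the workaround changes.
# Zone numbers and URL action codes are the documented IE registry values.
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active Scripting' }
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Assumption: policy keys take precedence over per-user preferences,
# so they are checked first and the first value found is reported.
$roots = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ZoneAction {
    param([int]$Zone, [string]$Action)
    foreach ($root in $roots) {
        $key   = Join-Path $root "$Zone"
        $props = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $props) {
            return [pscustomobject]@{ Value = [int]$props.$Action; Source = $key }
        }
    }
    return $null   # value not present in any location checked
}

$report = foreach ($z in ($zones.Keys | Sort-Object)) {
    foreach ($a in ($actions.Keys | Sort-Object)) {
        $hit   = Get-ZoneAction -Zone $z -Action $a
        $state = 'Not set'
        $ok    = $false
        if ($null -ne $hit) {
            $state = if ($meaning.ContainsKey($hit.Value)) { $meaning[$hit.Value] } else { "Other ($($hit.Value))" }
            $ok    = $hit.Value -in 1, 3   # Prompt or Disable matches the workaround
        }
        [pscustomobject]@{
            Zone = $zones[$z]; Setting = $actions[$a]; State = $state
            MatchesWorkaround = $ok; Source = if ($hit) { $hit.Source } else { '' }
        }
    }
}

$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.MatchesWorkaround }) {
    Write-Warning 'At least one zone still allows scripting or ActiveX without a prompt.'
}
```

A "Not set" row means no explicit value was found in the keys checked, so the browser falls back to its built-in default for that zone; treat it as not hardened until the setting is applied.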
Microsoft's latest advisory also includes technical instructions on how to use an ACL to disable OLEDB32.DLL, how to unregister OLEDB32.DLL, and how to disable Data Binding support in Internet Explorer 8.
IE users should bear in mind that there's a growing list of sites exploiting this vulnerability, and now that the exploit code is publicly available, the threat will certainly grow in the coming days and weeks.
Until Microsoft can issue a patch -- out-of-cycle or otherwise -- you should consider using an alternative browser like Mozilla Firefox or Opera. If you must use Internet Explorer, be sure to securely configure the browser with the mitigations described above.