Important - IE VML Vulnerability - IE7 is immune
Internet Explorer 7 is immune to this vulnerability (just like it has been immune to virtually all the other vulnerabilities that have been announced). I strongly recommend that you update to the IE7 Release Candidate as soon as possible.
To quote the IE team themselves back in August: "...With the exception of a very short list of issues we’re aware of and working on, we think the product is done.... Depending on your feedback, we ***may*** [my emphasis] post another release candidate. We’re still on track to ship the final IE7 release in the 4th calendar quarter."
Please, don't hold off installing IE7 for these last few months just because IE7 is still "in beta". Read the RELEASE NOTES and make a judgment call based on the software that you run.
If you have problems, this blog and the support newsgroups are available to you. It should be noted that HP Director software will have problems (but a workaround has been posted to the newsgroups) and Norton software is problematic (frankly, IE7 RC1 will protect you from exploits far better than Norton - if given a choice between the two, I say go for IE7 and move to a different antivirus).
To be extra careful, you can search the general Internet Explorer newsgroup for mention of your software to see if others are having problems.
Of course there will be situations where you cannot install IE7 because there is an application that you know will break. But in circumstances like this, where you will protect your machines not only from the vast majority of exploits but, in all likelihood, from future vulnerabilities (which is a *major* security benefit), we should assess the situation on a per-site basis and make a decision. Test things out.
Screenshot of results of ZERT test page using IE7 RC1 on XP SP2:
Internet Explorer 7 on Windows Vista Ultimate (unlike Ed Bott I did not see any ActiveX prompts):
A patch is anticipated by October 10, but may be released earlier (see 2nd Security Centre blog entry listed below).
Information about the IE VML vulnerability posted at MS.
Jesper has also posted information about how to mitigate the threat:
Microsoft Security Response Centre blog: