Given that a Metaspolit module exploiting the vulnerability has already been released, it's just a matter of time until the exploit is integrated in a malicious exploit kit.
IE 8 users are advised to upgrade to IE 9 or 10, but those who are unable to do it for whatever reason would do well to download and install the Fix it. Applying it does not require a reboot.
Users who don't know which version of the browser are using can check by opening Internet Explorer, pressing ALT+H, and then click "About Internet Explorer".
Microsoft is working on a patch for the flaw, but is still unknown whether it will be included in this month's Patch Tuesday.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.