Windows Security Flaw is WORSE than Originally Expected

A couple of days back, I posted a notice about a critical new (new as in "newly discovered", it has been around for years, apparently) where browsing WMF files with Internet Explorer could allow a malicious website to upload spyware, virii, etc. to your PC. Well, now it has been discovered that this same flaw allows your computer to be attacked if you merely preview an e-mail with this flaw in older versions of Outlook.

Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected...At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.
Since then, however, hundreds of sites have begun using the flaw to install a broad range of malicious software. SANS has received several reports of attackers blasting out spam e-mails containing links that lead to malicious sites exploiting the new flaw, Ullrich said.

I hate to say it, but at the moment if you are a Windows user you are safest surfing the Web via Firefox, on your cell phone, or by borrowing time on your neighbor's Mac or Linux machine. Microsoft does not yet have an ETA on a patch to correct this issue.