Microsoft has announced in Advisory (980088) that there has been a publicly disclosed vulnerability in Internet Explorer, versions 5 through 8. Users not running Internet Explorer in Protected Mode are at risk of having information, in files with predictable names, accessed by attackers. This vulnerability cannot be exploited to execute remote code or used for a denial-of-service attack.

The largest group of users at risk are Windows XP users running IE without Protected Mode enabled. Internet Explorer on Vista and Windows 7 has Protected Mode enabled by default.

Though no patch exists at this time, users can protect themselves by simply enabling Protected Mode in Internet Explorer.

Ars Technica puts it this way: Microsoft warns of IE flaw, turns PC into public file server. That doesn’t sound very good, does it?

Microsoft Support has a Fix it for me tool available.