Microsoft has just announced that a fix for the critical bug in Internet Explorer 5, 6 and 7 is to be published tomorrow. As usual, there will be webcasts detailing the fixes:

Microsoft is hosting two webcasts to address customer questions on these bulletins: on December 17, 2008, at 1:00 PM Pacific Time (US & Canada) and December 18, 2008, at 11:00 AM Pacific Time. Register now for the December 17 webcast and the December 18 webcast. Afterwards, these webcasts are available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

The issue is listed as critical for all supported versions of Windows and Internet Explorer, so be sure to install this update once it becomes available! As Larry Dignan notes, this proves that Microsoft can move (reasonably) fast when necessary:

The good news: Microsoft can move on critical patches when it wants to and can be nimble. The bad news: Microsoft is moving on the IE patch because the attacks are escalating.

More details are available in this security advisory; this still leaves known vulnerabilities in Wordpad and SQL Server.