In order to fix a new security flaw discovered in Microsoft's Internet Explorer, the company released a critical security patch on Wednesday. This patch is supposed to prevent attackers from downloading malware onto users' computers if they visit a malicious Web site, or a legitimate Web site that has been infected.
Microsoft released a patch Dec. 17 for a “zero-day” vulnerability affecting Internet Explorer that has been making headlines recently. "Zero-day" vulnerabilities like this are a gold mine for criminals because users have few ways to fight off attacks.
News broke in the security world earlier this week that a critical vulnerability had been found in Microsoft's Internet Explorer 7. Microsoft stressed that the flaw was proven to exist only in IE 7 on all applicable versions of Windows, but that IE 6 and the "beta" release of IE 8 were "potentially vulnerable." The vulnerability could be used to take over computers and is known to be in active use to steal passwords.
Often the attack is launched through a hidden iFrame component that is surreptitiously put on a Web site. As many as 10,000 sites have been compromised since last week to exploit the browser flaw, according to antivirus software maker Trend Micro Inc. Operators of Web sites usually have no idea they've been infected. The sites are mostly Chinese and have been serving up programs that steal passwords for computer games, which can be sold for money on the black market.
The company detailed complicated sets of workarounds that should mitigate the vulnerability; the first step anyone should take is to set the "Internet zone security setting" to "high." "Until the update is available, Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at www.microsoft.com/protect, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available," Microsoft’s statement read.
Some experts have suggested that users switch browsers until the flaw is fixed. Firefox, Opera, Chrome and Apple's Safari system are not vulnerable to this current flaw. The vulnerability has affected only machines running Internet Explorer 7 under the following systems: Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. It is also known to affect versions 5, 6, and 8 of the browser.
The last such out-of-band patch, Microsoft Security Bulletin MS08-067, was released on Oct. 23. It addressed a vulnerability in the Windows Server service that affected all currently supported versions of Windows. That vulnerability allowed an attacker to take over affected computers remotely. Unfortunately, the case we’re talking about is much more serious.
© 2007 - 2009 - eFluxMedia