ZDNET's George Ou seems to be getting more and more strident in his warnings about the increasing risk facing IE users. Its now likely over 100 websites are using the latest IE6 flaw and the number is growing. He goes so far as to put this on par with the WMF exploit. He offers 3 basic workarounds including disabling scripts, employing Hardware DEP or switching browsers.

Right now there are some reasonably feasible solutions for Windows PC users:

• Disable active scripting, for Enterprise and for the home.
• Enable hardware-enforced DEP if you have the right hardware. 
• Use an alternate browser like Opera or Firefox.
• Do not run Windows as an Administrator.

Each one of these solutions are less than desirable in one aspect or another.  Here is a explanation of the options.

• Disabling active scripting is the official workaround from Microsoft.  It does work 100% of the time, but it also breaks a lot of websites and you'll have to individually add legitimate sites that need active scripting to your trusted IE zone.
• Enabling hardware-enforced DEP and enabling it for all services and programs seemed to work like a charm.  When I tested a malicious site, hardware-enforced DEP protected me 7 out of 7 times!  Without the hardware-enforced DEP, the malicious website successfully launched a massive number of exploits 2 out of 2 times.  Hardware-enforced DEP works preemptively without any patches to the OS or anti-virus software which is extremely desirable.  The problem is that only the newest computers have it.  The problem with hardware-enforced DEP is that not everyone has the right CPU.  There are still some new computers being sold today that don't have hardware-enforced DEP capability.  Most old computers don't have the capability.  Again you should see my DEP guide and see if you can use it to protect yourself because it's great if you have it.  The WMF exploits were also stopped dead in their tracks by hardware-enforced DEP.
• Using a browser like Opera or Firefox at least for the time being if the last two options aren't feasible to you is probably a good idea at least until the storm blows over and a patch is available.  Opera seems to be the least flawed of the bunch and Firefox has actually had more flaws per month than Internet Explorer, but Internet Explorer is still a favorite target because of how ubiquitous IE is.  The only issue with Firefox and Opera is that it won't run on some websites and Intranet applications.
• Not running as Administrator is always a good idea on any computer or operating system you use.  The problem with this on the Windows XP platform is that not all software is compatible with non-administrative access and Windows XP defaults to Administrator mode.

Those using the patched versions of IE bundled with Windows 2000, Windows XP and Windows Server 2003 are vulnerable to these bugs. People trying out the Beta 2 version of Internet Explorer 7 are safe. To avoid falling victim, Microsoft urged users to avoid websites they did not trust and to refrain from opening attachments on e-mail messages from unknown senders.

It's time for Microsoft to hurry up and finish testing their patch and release the fix as soon as possible, yesterday if possible!