Microsoft has confirmed that a newly-discovered vulnerability exists in Internet Explorer that the security companies are calling "significant" and "highly critical." Of course, you won't find such scary language on Microsoft's milquetoast advisory page, but the vulnerability (for which researchers have released proof-of-concept exploit code), allows malicious web sites to run arbitrary code on victims' machines. No patch exists, but Microsoft says an effective workaround is to disable Active Scripting in IE and that Outlook and Outlook Express are not vulnerable. Patch Tuesday is April 11, and it's unlikely that we'll see a fix from Microsoft until then.