First of all, yes, there is a “zero day” vulnerability in Internet Explorer. Basically, according to Microsoft, it allows “remote code execution,” which means somebody can basically tell your browser to do whatever the hell they want. And as bad as that sounds, it’s worse than you think.
First of all, there’s no patch for this yet. So if you hadn’t already used IE to download another browser, now is definitely the time. Secondly, it affects every version of Internet Explorer currently being used on the market, from 6 upwards. Which means this problem has been around for more than a decade.
The solution, of course, is to just get a new computer. But not everybody can do that. Major institutional users like, er, the IRS can’t just yank everyone’s computers at one go, and some people either can’t afford a new computer or will stubbornly cling to an operating system past all sense or reason. Ask anybody who has tried to explain something that isn’t XP to their parents; it is not something you sign up for unless you have to.
Hopefully Microsoft will make an exception and patch even XP. Because otherwise, this problem is really just getting started.