The Infocon level has been raised to Yellow. A critical exploit in IE has been discovered that as yet has no patch. The details are emerging now, but at the very least it is possible to use it to launch an executable locally, and it is unclear if it is possible to pass parameters to it. If so, this is a very major problem, as it is possible to script ftp to draw files down and the a later run of the exploit can run it. The most likely vector for this will be ad-buys, which adds another weapon to the spyware toolkit.