Microsoft responded rapidly and has already posted a fix for this problem for Windows MSIE 3.0.1 users. A fix for 3.0 users is on the way.
This story was picked up by most major news services (such as the Associated Press). I particularly liked the story on CNET, which had some interesting background - including links to other stories describing the separate ActiveX security leak (mentioned here before).
Throw in the ShareFun.A email virus (also covered here before) and it has not been a great month for Microsoft and Internet security.