Our friend Bink has been contacted by a Microsoft spokesperson about the "IE7 bug", which technically is an Outlook Express bug. In Vista this bug is fixed; for Windows XP the fix is underway.
Official Statement: Microsoft is aware of public reports of a vulnerability in Outlook Express which is currently under investigation. Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.
Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs.
Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.
As always, Microsoft encourages customers to follow its "Protect Your PC" guidance of enabling a firewall, applying all security updates and installing anti-virus software. Customers can learn more about these steps at www.microsoft.com/protect.
News source: Bink