It's not new – we already know it. Internet Explorer is a flawed browser, with many security holes – and it just ripped itself a new one.
Microsoft has issued Security Advisory (980088), which basically says that Internet Explorer, for those who use Windows XP or who have disabled Internet Explorer Protected Mode, allows access to files with an already known filename and location. In other words – hackers can browse your files vie IE.
Browser versions affected are: Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. The company hasn't issued a patch yet.
I have a better tip for you: USE FIREFOX.