SANS has reported a Microsoft IE7 0-day expoit that is now in the wild. This vulnerability is not adderssed by the forthcoming December 2008 patch Tuesday releases, or by the MS08-073 patch that was released on 12-09-2008.
Analysis shows the current exploit checks for the following conditions:
The user has to be running Internet Explorer
The version of Internet Explorer has to be 7
The operating system has to be Windows XP or Windows 2003
SANS has not yet confirmed if other versions are affected (Internet Explorer 6 or Internet Explorer 7 on Microsoft Windows Vista).
ThreatExpert has a very nice overview of the modifications the exploit makes to compromised computers.
Additional Resources:
ZDNet Security Blog
Secunia Advisory