Basically, if a user clicks on a malicious link and uses Internet Explorer 7, his PC could be completely compromised. The IE7 flaw only affects Windows XP and Windows Server 2003.
Recently, Microsoft released a Security Advisory, saying that a patch is in the works and will become available once it passes all the usual tests. We don’t know who penned the advisory, but we’re willing to bet that he or she is related to Captain Obvious:
“This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed”
Still, for the time being, Microsoft can only offer a great piece of advice: "Do not follow un-trusted links or browse un-trusted Web sites."