In response to Download.Ject, Microsoft has just released a patch, which actually makes a change to Windows that disables the ADODB.Stream object in MS Data Access Components. This appears to be more of an intermediate fix than a true patch, to be used until a comprehensive fix that allows ADODB.Stream use without the vulnerability can be prepared.

People can get the update from Windows Update, or at this web page on Microsoft's Downloads web site. If you are a business network user, check with your IT department before you download or apply this fix - They might be applying it for you automatically from a central server, or they may have reasons it should not be applied if there are browser-based applications used that rely on the functionality disabled by this update.

Some will still whine and complain that this is "just a stop-gap fix," and that it doesn't actually repair the flaw. Give it a rest people: This is Microsoft responding to complaints about not getting fixes out soon enough, and they're doing it by making a valuable intermediate fix available to protect users. I applaud that. If you want to have a productive and constrcutive conversation, that's great -- comment here if you like, or go over to the Channel 9 web site, where Microsoft shows it's listening.