WebSense has provided an updated list of exploited sites. It’s growing.
SANs just reported
Just for the sake of clarity, there is an email attachment vector for this exploit that’s not widely reported. I have not seen any reports of it being used at this time. MS’s bulletin, in the FAQ’s, in “Could this vulnerability be exploited through e-mail?”, says it can be exploited if one “open(s) an attachment that could exploit the vulnerability.” ISS obliquely says attacks may occur by “…simply embedding the required logic in specially crafted HTML emails.”.
The full extent of email as an attack vector is not fully known. Best thing you can do is turn off Active Scripting in IE (IE 7 beta preview 2 is not affected by this exploit), as according to SANS, this may be a “global” workaround.
Alex Eckelberry