Assessing Internet Explorer Use in Light of Vulnerabilities

I think some of the wrong conclusions are being drawn about the latest exploits for some known vulnerabilities in Internet Explorer (IE). First of all, there is NO production-level patch for Windows that will protect you from this exploit. SP2 RC2 is a release candidate, as the "RC2" indicates. Microsoft says, "Customers who are already following our safe browsing guidance significantly reduce their risk from this type of attack." Reduce the risk, not eliminate it.
http://www.microsoft.com/security/incident/download_ject.mspx This process involves editing registry keys. Are you really going to recommend that your user community install a release-candidate patch or edit their registry keys?
http://support.microsoft.com/default.aspx?scid=kb;en-us;833633 Second, if this were any other program that didn't get installed by default, what would you be recommending? You'd be telling people to remove it and use an alternative. Let's take a look at this from a security point of view:
  1. What are the assets we are trying to protect?
    • The stability and security of our community users' Windows desktop machines.
     
  2. What are the risks to the assets?
    • Vulnerability to current exploits for the Internet Explorer software.
    • The user of the machine could experience an installation of spamware, adware, malware or data sniffing, potentially without their immediate knowledge.
    References:
    1. Compromised Web Sites Infect Web Surfers
    2. Cross-Domain Redirect Vulnerability in Internet Explorer
    3. Microsoft Internet Explorer does not properly validate source of redirected frame
    4. Internet Explorer Local Resource Access and Cross-Zone Scripting Vulnerabilities
    5. Here's some example code which demonstrates the exploit
    6. An analysis of the Ilookup Trojan
    7. Watch out! Incoming mass hack attack
    8. Gov't Warns of Major Web Attack
     
  3. How well does the security solution mitigate those risks?
    NOTE: I will compare IE and Netscape as potential solutions.
    • Tighten IE
      - Since there is no production level patch, not very well.
    • Switch to an alternative browser: Netscape
      - Since these vulnerabilities do not exist in Netscape this will completely mitigate these risks.
     
  4. What other risks does the security solution cause?
    • Tighten IE
      - False sense of security.
      - May not secure against other known vulnerabilities.
    • Switch to an alternative browser: Netscape
      - Vulnerable to other, less dangerous known vulnerabilities.
     
  5. What trade-offs does the security solution require?
    • Tighten IE
      - The only way to reduce risk is to cripple the software to the point that most other browsers work better than it.
      - Lose the ability to use ActiveX controls.
      - Lose the ability to use JavaScript.
    • Switch to an alternative browser: Netscape
      - Lose the ability to use ActiveX controls.
      - Retain the ability to use JavaScript.
      - Gain tabbed browsing capability.
     
In summary, the problem with Internet Explorer on Windows is its level of integration with the operating system. Think about this: How do you apply software patches and system updates? Through Internet Explorer! Is that really a good idea? It's not the way I'd design it. If it hurts when you browse the web using Internet Explorer, don't use Internet Explorer. This isn't a religious debate, it's common sense.