eEye has reported that the August 8th cumulative patch for Internet Explorer 6 SP1 (MS06-042) actually creates another serious exploit vector on Windows 2000 and Windows XP SP1:
This information is already known in various research circles and also with exploit writers. So it is important that IT administrators understand the true threat of this problem that this is not simply a crashing bug as Microsoft has been incorrectly misrepresenting it but in fact that it is an exploitable security bug. Researchers and exploit developers know this, therefore it is extremely important that IT administrators are told what really is going on.
The current recommendation is a workaround for Windows 2000 (disable HTTP 1.1) and to upgrade Windows XP to SP2. Although if you are not on SP2 by now already, you also probably want to check out the workaround.