Adobe is also at fault. If you don’t have the patch, it is sufficient to disable the Flash plugin.
Well, much as I hate Flash, and consider it a security hole on roller skates all by itself, in this case it only happens to be the vector by which the real flaw in IE is activated. There's nothing inherently wrong with Flash in this particular regard. Disabling the plugin removes the path by which the bad guys get to the real vulnerability.