You have a few options for doing this especially if you are using something like WSUS. However if you aren’t, then a registry change via group policy or logon script is probably the best option. Here is a a registry file that will block automatic upgrade to internet explorer 8 and 9:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\8.0]
"DoNotAllowIE80"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\9.0]
"DoNotAllowIE90"=dword:00000001

If you are only interested in blocking one version of internet explorer then just remove the appropriate lines. To use group policy to deploy the registry settings you need a method to apply the reg file. I tend to use the following VBS script:

Set oShell = CreateObject("Wscript.Shell") 
'The .Reg file path goes here
sRegFile = "\\path_to_reg_file\file.reg" 
'Regedit in silent mode
oShell.Run "regedit.exe /s " & Chr(34) & sRegFile & Chr(34), 0, True
Set oShell = NOTHING

Copy the text into a text file with the extension .vbs and attach this to a logon group policy in the usual way.