Monthly Archives: December 2008

In a rare move since it began announcing regularly scheduled updates, Microsoft released an Out Of Band bulletin, MS08-078, about a vulnerability in current versions of Internet Explorer. It is dubbed Out Of Band because the release falls outside the monthly schedule of updates. What prompted the release is not so much the "critical" rating as the active and public release of the exploit. The vulnerability allows remote code execution. Since the exploit was announced before the vulnerability and the patch, this is dubbed a Zero Day exploit.

With the release of the bulletin, Microsoft made an update available on Windows Update (http://go.microsoft.com/fwlink/?LinkID=40747). Full details of the bulletin can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx. It is important to point out that this Out Of Band release is NOT cumulative for other IE issues.
 
As mentioned before, this vulnerability is actively being exploited. Home users should patch immediately. Administrators should evaluate their needs quickly. Exploit attacks have been found on vulnerable web sites through SQL injection, and recently in Word documents (which means you should look for this in email attachments).

UPDATE: Beta versions of Internet Explorer 8 are also said to be vulnerable.