Hi folks, this is Geoff again, IE Program Manager focused on security updates. A Windows Security Update was released today for a vulnerability in the Windows VML (vector markup language) component that can result in remote code execution. Although this is not an IE code vulnerability, we feel it is important to mention that IE can be used as an attack vector for the exploit. We strongly recommend that you visit Microsoft Update or Windows Update to check for this and any other critical security updates required to protect your systems(s) from potential attacks.
For further information on this vulnerability and the location of the update please see the following links:
I also want to mention that IE7 on Vista IS NOT affected by this vulnerability as a newer version of the control was released in Windows Vista.
Thank you for taking the time to read this post and have a great day!