Microsoft today released a security patch, outside its normal schedule, for versions 6, 7, and 8 of its Internet Explorer browser, to fix a recently discovered Critical vulnerability that is being actively exploited. According to Microsoft’s Security Bulletin [MS13-008], the vulnerability stems from a memory management error in the browser, which can cause memory corruption, leading to the execution of arbitrary code in the context of the current user. The Security Bulletin [MS13-008] contains more information, and download links for the relevant patches. Microsoft says that applying the patch will require a system restart. Microsoft has also added information on this new bulletin to its Microsoft Security Bulletin Summary for January 2013, which also continues to contain information on the patches released on the usual schedule last Tuesday, January 8.
This is a serious security flaw, particularly for desktop clients, and I urge you to update your systems as soon as you can.
Update Monday, 14 January, 16:47 EST
There is a Microsoft Knowledge Base article (KB 2799329) that contains some additional information.