A vulnerability exists in Microsoft XML Core Services which wasn't addressed in yesterday's Patch Tuesday releases and which could allow remote code execution. The vulnerability affects all versions of Windows.

According to the Google Security blog, Microsoft was advised of the vulnerability at the end of May, but for whatever reason, no patch has yet been forthcoming.

Until such time that Microsoft releases a patch, users are advised to implement a "Fixit" which can be found here: http://support.microsoft.com/kb/2719615

I ran it a few minutes ago using IE8 and didn't experience any problems.