An unpatched critical security vulnerability in Microsoft's software, which means that users' computers can become infected simply by visiting a website with Internet Explorer, is being actively exploited by cybercriminals.
Alongside last week's regular
Patch Tuesday announcement (including a remote code execution vulnerability that is being
exploited by attackers in the wild), Microsoft also issued an
out-of-band security advisory about an as-yet unpatched security hole (known as CVE-2012-1889).