An unpatched critical security vulnerability in Microsoft's software, which means that users' computers can become infected simply by visiting a website with Internet Explorer, is being actively exploited by cybercriminals.
Alongside last week's regular Patch Tuesday announcement
(including a remote code execution vulnerability that is being exploited by attackers
in the wild), Microsoft also issued an out-of-band security advisory
about an as-yet unpatched security hole (known as CVE-2012-1889).