As users of Microsoft products are probably aware, Microsoft releases security updates on the second Tuesday of each month. However, this time there's a security hole in Internet Explorer that they haven't yet patched, and it's so serious that users are advised to immediately apply a workaround fix.
This particular vulnerability lets attackers infect the victim's computers (running Windows XP or Windows Server 2003) after they've clicked on a video link in Internet Explorer. The vulnerability allows attacker to run arbitrary code under the same user rights of the local user. The worst part of it is the fact that this is not some theoretical hole; Microsoft clearly states that they're already aware of malicious hackers exploiting this vulnerability.