Update2: MS14-021 has now been published. Note that differently from a normal update it is not cumulative (i.e. it only addresses this particular vulnerability CVE-2014-1776, which is common for an out-of-band update such as this one) and it is recommended to install the latest cumulative update before applying MS14-021, i.e. MS14-018 for most versions of Windows, but MS14-012 for IE11 on Windows 7 and Windows 8.
While attacks continue to be targeted, we recommend installing this update as soon as possible, rather than waiting 2 weeks for next Patch Tuesday.
Update: Microsoft will release an out-of-band patch for Internet Explorer later today, and it will include an update for Windows XP. Good news for users of the operating system that went EOL last month. Stay tuned for more news.
Original: Microsoft just published security advisory 2963983 which acknowledges limited exploits against a 0-day vulnerability in Internet Explorer (IE). The vulnerability CVE-2014-1776 affects all versions of IE starting with version 6 and including version 11, but the currently active attacks are targeting IE9, IE10 and IE11. The attack vector is a malicious web page that the targeted user has to access with one of the affected browsers.