According to a statement put out by Microsoft late last Saturday, there was a zero day bug discovered that can affect IE browsers going all the way back to IE6. While this effects nearly 25% of the internet browsing user base, there will be no patch for the recently deprecated Windows XP.
How the bug works
The bug lies within how Internet Explorer handles objects stored in memory that have been deleted or not properly allocated. This vulnerability can allow the remote execution of code within the current users session. An attacker could develop a site, and once a user accesses it they would fall victim to this exploit.
Microsoft is planning to release a patch for this as quickly as possible.