Microsoft has provided advance notice that it is about to release an out-of-cycle ('out-of-band' in company parlance) patch for Internet Explorer that wasn't ready in time for Patch Tuesday.
It will address a vulnerability in Internet Explorer 6, 7 and 8 that permits the execution of remote code. Microsoft previously provided a Fix It as a temporary workaround for the problem.
The issue is rated Critical for Windows XP, Vista and Windows 7, and Moderate for Windows Server 2003, Server 2008 (including R2).
Internet Explorer 9 and 10 are not subject to this vulnerability.