On Fri 21 Sep 2012, Microsoft released an unscheduled security bulletin.
Updates to Internet Explorer were released to fix a number of vulnerabilities.
Today we released Security Update MS12-063 to address limited attacks against a small number of computers through a vulnerability in Internet Explorer versions 9 and earlier. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we encourage you to apply this update as quickly as possible.
In addition to addressing the issue described in Security Advisory 2757760, MS12-063 also resolves four privately disclosed vulnerabilities that are currently not being exploited. 
|MS12-063||2744842||Cumulative Security Update for Internet Explorer||Remote Code Execution||Critical||Microsoft Internet Explorer|
There is code in the wild that exploits this (since Sep-14th) , patch away.
[1.] Microsoft releases MS12-063 – Cumulative Security Update for Internet Explorer (2012-Sep-21) [MS: MSRC]
[2.] IE Zero Day is “For Real” (2012-Sep-17) [SANS]
[3.] IE Fixes Available (2012-Sep-20) [SANS]