This week, Microsoft acknowledged that the XML security vulnerability,which was discovered by Google’s Security Team on May 30, has been exploited and there are active attacks going on. It affects all versions of Windows as well as Office 2003 and 2007. If you go to a web site containing the malicious code, using Internet Explorer, attackers could execute code on your computer. Here’s the advisory:
http://technet.microsoft.com/en-us/security/advisory/2719615
We may get another out-of-band update to address this, according to Andrew Lyons (Google). In the meantime, you should check out the Fix It solution in KB article 2719615, which provides a workaround: