There's a brand new (week old) critical flaw in Internet Explorer in the wild. It allows remote code execution; in layman's terms, game over. I quite liked how Microsoft announced the vulnerable versions of IE and Windows:
Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.
For those keeping score, yep, that's every operating system they've put out since 2001, and every version of IE they've put out since 1999. Personally, I think they should just say:
Our investigation so far has shown that these attacks work against everything we've released in the last decade.