Today Microsoft announced a new vulnerability which applies to all current versions of Internet Explorer 6,7,8,9,10, and 11.

Windows Server 2003, 2008, and 2012 are vulnerabile if Enhanced Security Configuration is turned off.  Out of the box these operating systems are not vulnerable.

Windows XP, Vista, 7, and 8/8.1 users are urged to discontinue use of Internet Explorer until a patch is released (or in the case of XP users – discontinue use of Internet Explorer altogether since no patch will be released).

More information and modifications that can be made to your configuration to make it less vulnerable until a patch can be released is available from Microsoft.

Source: US-CERT