Microsoft will fix 12 vulnerabilities including a critical hole in Internet Explorer that affects Windows 7 with 6 updates. The vulnerability apparently is not affecting IE 8. The updates will be out next week.
From Microsoft: The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.