Microsoft released an emergency fix for the latest Internet Explorer Zero-Day exploit. This is an out-of-band patch due to the severity of this security hole.
In a surprising move, security bulletin MS14-021 (KB 2965111) also covers Windows XP. This is the last security update that users of the outdated OS will receive. FireEye has uncovered a new version of the exploit that targets Internet Explorer 8 users on Windows XP as well.
Microsoft encourages all Internet Explorer users to apply the fix via Windows Update, because there are actually several versions of it for IE 11 available: for those who have applied the latest cumulative patch for Internet Explorer and for those who have not.
Our recommendations: Users that have automatic updating enabled will not need to take any action because this security update will be downloaded and installed automatically. For information about specific configuration options in automatic updating, see the Microsoft Knowledge Base Article 294871.
For users who do not have automatic updating enabled, the steps necessary for turning automatic updating on or offcan be used to enable automatic updating.
For administrators and enterprise installations, or end users who want to install this security update manually (including users who have not enabled automatic updating), Microsoft recommends that you apply the update immediately using update management software, or by checking for updates using their Microsoft Update service
Windows 7 users, beware: Internet Explorer 11 will crash if you manually apply a wrong version of the emergency update. Please read the Microsoft security bulletin linked above for details.
Please also read the Securing Internet Explorer tutorial for recommended security and privacy practices.
Microsoft Security Bulletin
https://technet.microsoft.com/library/security/ms14-021
Microsoft Releases Fix
https://technet.microsoft.com/en-us/library/security/ms14-may.aspx
Microsoft Knowledge Base information
http://support.microsoft.com/kb/2965111