As we can read on MSRC blog, Microsoft has published out of band patch for VML vulnerability existing in IE. This flaw was described in Microsoft Security Advisory (925568) published lately.
Bug patched by this update allows remote code execution so it should be applied as soon as it will be possible (some people do some tests and other stuff before patching in real world). Good news is that patch is there on Windows Update if You need it in case of VML exploit outbreak.