The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim’s computer if the person merely visits the website.
Microsoft released a quick fix for the issue earlier this month, but did not have a more permanent patch ready when it released its monthly batch of patches last Tuesday. The company will occasionally release an emergency patch if the software vulnerability is considered a high risk.
So if Mondays weren’t bad enough, have fun applying this out of cycle patch because Microsoft couldn’t get it done in time for the regular patch cycle. Of course you need to be running an older version of IE for this to be an issue, so there’s that.