Sans.org published a notice today that there is a 0-day exploit for Internet Explorer in the wild. The updates released by Microsoft yesterday did not fix this vulnerability. The specific exploit checks to be sure it is running in IE7 on XP or 2003 before it does anything, but whether other versions are exploitable is not yet known.
The article says "At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon."