On April 26, Microsoft released Security Advisory 2963983, which describes a newly-discovered vulnerability affecting all versions of Internet Explorer.
According to the related MSRC blog post, attacks based on this vulnerability are being seen in the wild, but so far those attacks are limited.
This IE vulnerability is apparently based on a vulnerability in Flash.
Microsoft is advising the usual caution, especially when clicking links in email and visiting unfamiliar web sites.
Presumably Microsoft will produce a patch for this vulnerability, and an interim ‘Fix-It’ workaround may be made available soon, but in the meantime, you should either stop using Internet Explorer completely, or at least install and configure EMET.
Windows XP users should not – under any circumstance – still be using Internet Explorer as their default web browser or for browsing the web. This vulnerability is only the first in what is sure to be a long series that make using Internet Explorer on Windows XP extremely risky.
Update 2014Apr28: Ars Technica, The Verge, and the SANS InfoSec handlers diary all have additional information.