Microsoft are issuing two out of band patches on 28 Jul 2009. One relates to Visual Studio and the other to Internet Explorer.
MS notification is here:
EDIT: More comment here:
What's the betting this is one of the issues? :D
At the Black Hat security conference on Wednesday, Ryan Smith, Mark Dowd and David Dewey are scheduled to show how to bypass the "kill-bit" mechanism that Microsoft frequently deploys to shut down buggy ActiveX controls.