Microsoft are issuing two out of band patches on 28 Jul 2009. One relates to Visual Studio and the other to Internet Explorer.
MS notification is here:
EDIT: More comment here:
What's the betting this is one of the issues?
At the Black Hat security conference on Wednesday, Ryan Smith, Mark Dowd and David Dewey are scheduled to show how to bypass the "kill-bit" mechanism that Microsoft frequently deploys to shut down buggy ActiveX controls.