"Microsoft has patched a critical flaw in Windows that has existed in every version since the introduction of Windows 95 more than 19 years ago. IBM security researchers discovered the flaw earlier this year and notified the software giant privately in May. The rare bug allows attackers to remotely execute code on an affected system just by convincing Windows users to visit a URL in Internet Explorer. IBM says the exploit can be triggered on Internet Explorer 3.0 onwards, and every currently supported version of Windows is affected.
"This vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library," says IBM researcher Robert Freeman. While Microsoft is providing patches for Windows 8.1, Windows 7, Windows Vista, and its various server releases, the company stopped supporting Windows XP earlier this year so consumers will not be protected if attackers attempt to exploit the bug. There’s no evidence this bug is being exploited in the wild yet, but it has been rated 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS) so it’s well worth patching through Windows Update if you haven’t already. http://www.theverge.com/2014/11/12/7202801/microsoft-patches-critical-19-year-old-windows-bug
advice : change to Firefox and don't use Internet Explorer for the internet if you are still on those systems and you can lock down your Firefox so it is as protected as the latest version of Internet Explorer
advice : if you are somewhat commercial than you should really change those systems - just to make sure that are not responsable for any dataloss you may have when you are attacked
advice : install some free firewall (zone-alarm) antivirus (avast) antispyware (search and destroy) and so on