Microsoft has quietly released a patch for the VML exploit today. Get it via their update service at http://windowsupdate.microsoft.com/ or wait for your automatic updates to notice it . . . personally I would not wait.
If you previously used any of the mitigating workarounds for this exploitable bug, make sure you reverse or rollback that workaround before applying the official patch.