The Microsoft VM is a virtual machine for the Win32 operating environment. The Microsoft VM shipped as part of most versions of Windows, as well most versions of Internet Explorer.
A new patch for the Microsoft VM is available, which eliminates three security vulnerabilities. The attack vectors for all of them would likely be the same. An attacker would likely create a web page that, when opened, exploits the desired vulnerability, and either host it on a web page or send it to a user as an HTML mail.
For details and the patch, click here.