Microsoft has released a patch for a vulnerability in Microsoft VM. The vulnerability allows a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet, provided the full pathname is known. Microsoft FAQ on this issue here.
45f78ff85a497b769b32bbc5a4d880b9fc1c26fdbfcd6eaa0c9b5ca5aeae1852