Unity just made the following tweet:
Essentially a vulnerability was detected in ALL versions of Unity for ALL versions of the Windows operating system, that enable a hacker to remotely run code by exploiting a security flaw in the Unity editor. It DOES NOT affect games created with Unity and Mac and Linux users are unaffected. Applying the patch may result in rebuilding asset bundles when you first open your project after the patch is applied.
The patch was released for all major versions after Unity 5.6, as well as a mitigation tool for people running versions of Unity before Unity 5.6. Here are the download links for the patches and tools:
You can learn more details about the vulnerability and the corresponding patches/mitigation tool here. If you are a Unity developer, I highly recommend you apply the patch immediately, especially as details of the exploit become more publically known.