Today we updated Security Advisory 979352 to let customers know that we are aware that exploit code for the vulnerability used in recent attacks against IE 6 users, has now been made public. Information on which versions of Internet Explorer are vulnerable and what customers can do to protect themselves is included in the updated Security Advisory.
Our teams are continuing to work on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out-of-band.
Additionally our Security Research & Defense team has written up a blog with additional technical details on the exploit, the vulnerability, mitigations and workarounds.
We continue to recommend customers review the information in the Advisory, implement the workarounds and mitigations, consider updating to Internet Explorer 8 which includes important protections not present in IE 6, and follow the information on our Protect Your PC website.
Senior Security Communications Manager Lead
*This posting is provided "AS IS" with no warranties, and confers no rights.*