Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur when an attacker convinces someone to click a link in an email or instant message.
As part of the security advisory, we have also included an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code. It should not affect your ability to browse the web, and applying it does not require a reboot. We encourage all customers using Internet Explorer 9 and 10 to apply this Fix it to help protect their systems. The Security Research and Defense blog provides greater technical insight into the issue and how the Fix it helps protect customers.
Internet Explorer 11 is not affected by this issue, so upgrading to that version will also help protect customers.
We also encourage you to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. In addition, we encourage everyone to exercise caution when visiting websites and to avoid clicking suspicious links or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.
We continue to work on a security update to address this issue. We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.
Group Manager, Response Communications