A serious vulnerability in Internet Explorer 6 through 9 has come to light, and there’s no patch at this time.
If you must use Internet Explorer for specific applications, use another browser as much as possible and remove or disable Java.
Yet another zero-day exploit targets IE
|UPDATE: Microsoft has released critical update KB 2744842 to patch this vulnerability.|
Microsoft Security Advisory 2757760, dated Sept. 17, warns of a newly disclosed IE vulnerability that could allow remote-code execution — which means an attacker could take over a targeted PC with the same rights as the current user. (This type of threat is why we recommend setting up a non-admin account on the PC you use most of the time.)
According to the advisory, Internet Explorer 10 (included with Windows 8) is not threatened. But that caveat is irrelevant because few Windows users are running Win8 for any purpose other than testing the new OS.
What to do: Here, in a nutshell, are your options:
1) Use another browser. Until Microsoft releases a patch for this new threat, simply do all your Web browsing with Firefox or Chrome — and make sure they’re fully updated.
2) Remove Java. If you must use IE, ensure that Java is fully disabled or not installed. I discussed this in my Sept. 6 Patch Watch column.