When Microsoft issues a security fix outside of its usual Patch Tuesday cycle, it’s always for a good reason.
This past Tuesday, Microsoft released Security Advisory 2887505, which reported a newly revealed vulnerability in all supported versions of Internet Explorer.
At this time, there’s no patch for this latest threat to IE, but there is an MS fixit.
We should take this notice seriously. Microsoft reports there are already a small number of attacks targeting IE 8 and 9 on Windows XP and Windows 7 systems. At this time, there are no reports of attacks against IE 10.
Bottom line: Be careful about what links you click while surfing the Web with Internet Explorer (or any other browser, for that matter). Website admins should test their sites with the fixit installed in IE. And if you use the fixit, be sure to download the companion undo fixit and save it on your computer. You’ll probably need to run the undo when the formal patch is released (date unknown).
What to do: Until there’s an official update for this vulnerability, use an alternative browser or download the fixit posted in MS Security Research & Defense blog CVE-2013-3898. Advanced users might also consider downloading and configuring Microsoft’s Enhanced Mitigation Experience Toolkit, which I discussed in the June 6 On Security column....