Microsoft has just published a new security advisory. This advisory affects Internet Explorer, and the vulnerability can lead to remote code execution on affected machines. There have been reports of limited targeted attacks, which makes this a zero-day exploit, as there is no patch available yet for this vulnerability.

Microsoft has posted a couple of workarounds to help mitigate this risk:

  • Set your Internet Security Zone settings to "High" for ActiveX Controls and Active Scripting
  • Set Internet Explorer to prompt or disable Active Scripting
  • Enable DEP for Internet Explorer
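The following PowerShell sketch is an added example, not part of the advisory or the original post. It reports whether the current user's Internet zone already matches the scripting and ActiveX workarounds, and shows the system-wide DEP policy. It assumes the per-user zone settings under HKCU are the ones in effect (Group Policy can override them). The function name `Get-ZoneActionStatus` is hypothetical.

```powershell
# Added example: audit the current user's Internet zone against the workarounds.
# Zone 3 is the Internet zone. URL action 1400 is Active Scripting and
# 1200 is "Run ActiveX controls and plug-ins". Values: 0 Enable, 1 Prompt, 3 Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$actions = [ordered]@{
    '1400' = 'Active Scripting'
    '1200' = 'Run ActiveX controls and plug-ins'
}

function Get-ZoneActionStatus {
    param([string]$Key, [string]$Action, [string]$Label)

    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Action) {
        # No explicit per-user value: treat as not mitigated so it gets reviewed.
        return [pscustomobject]@{ Action = $Label; Setting = 'Not set'; Mitigated = $false }
    }

    $value = [int]$props.$Action
    $text  = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { "Other ($value)" }

    # Prompt (1) or Disable (3) matches the workaround; Enable (0) does not.
    [pscustomobject]@{
        Action    = $Label
        Setting   = $text
        Mitigated = ($value -eq 1 -or $value -eq 3)
    }
}

$actions.GetEnumerator() | ForEach-Object {
    Get-ZoneActionStatus -Key $zoneKey -Action $_.Key -Label $_.Value
} | Format-Table -AutoSize

# System-wide DEP policy only. Whether Internet Explorer itself runs with DEP
# under OptIn depends on the IE version and its own setting, not checked here.
$depPolicy = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
'System DEP policy: {0}' -f $depPolicy[$policy]
```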

With a vulnerability like this, it is very important to be aware of phishing attempts through email, instant messaging or Internet sites.

Because this affects Internet Explorer and is a zero-day exploit, we can probably expect an out-of-band patch release in the coming days or weeks, before February's Patch Tuesday.

This could be related to the Google breach reported a few days ago, as the advisory page's acknowledgements credit Google, Adobe and McAfee.

- Jason Miller