Microsoft Corp. has issued a warning about the vulnerability which affects every single version of Microsoft Internet Explorer – their Technet announcement can be found here.
Lots more info in this gizmodo article regarding the vulnerability, but the gist of the article is that there are ACTIVE EXPLOITS making use of this vulnerability – largely targeting MSIE version 9, 10 and 11 – the attack is call the “use after free” attack and is a fairly complex memory corruption – which then allows the attacker to run arbitrary code on the attacked machine.
According to internet security firm FireEye – the percentage of Internet explorer uses is as high as 26% of all internet users – so more than a quarter of all browsers being used on the internet have the potential to fall foul of this zero-day exploit in MSIE.
Gizmodo suggests that as XP is now “end of life” – there won’t even be a patch for this problem coming to an XP machine – as in – EVER… !!
So – if you’re still using XP and you have to use that machine still – then you would be WELL ADVISED – to not use Internet Explorer, but use the latest Mozilla Firefox instead… we actually recommend not using the XP machine to access the internet at all.
FireEye suggests that running the Enhanced Protection Mode (EMET) in MSIE 10 or higher will prevent your browser being attacked using this method – and also, disabling Adobe Flash will also stop the threat from running on your Internet Explorer.
We suggest Firefox (version 29 was released today) at least until Microsoft releases an out-of-cycle patch for MS Internet Explorer.
Update: there is a little speculation that Microsoft might break with their “end of life” policy and release a one-time patch for this severe vulnerability.