Microsoft released Security Advisory 2934088 which impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected.
Although Internet Explorer 9 is vulnerable, at this time, Microsoft is only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
RecommendationsUsers of Internet Explorer 10 should update to IE11, available here.
If you use Internet Explorer 9 or 10 and are unable to update to Internet Explorer 11, it the below-linked Fix it solution is strongly advised.
|Enable Fix it||Disable Fix it|
Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory as well as the Security Research and Defense Blog article.
- CVE Reference: CVE-2014-0322
- Microsoft KB Article 2896666: Microsoft security advisory: Vulnerability in Internet Explorer could allow remote code execution
- MSRC: Microsoft Releases Security Advisory 2934088
- Security Research & Defense: Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
- Tech Net Advisory: Microsoft Security Advisory (2934088) Vulnerability in Internet Explorer Could Allow Remote Code Execution
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...