Microsoft warns for a vulnerability affecting all Internet Explorer versions from IE6 to IE11 on Windows Vista and up. Vulnerable Internet Explorer versions account for more than 25% of all internet users.
The vulnerability is a remote code execution vulnerability which exploits the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.This may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website and then silently install malicious software. If you are using Internet Explorer the malware can only get the same rights as that users, however when you browse as an Administrator it would be able to take over the entire computer.
The issue affects all Internet Explorers since version 6 running on Windows Vista and up. Also systems running IE6 on Windows Server 2003 are affected, however Windows Server 2008 and 2012 machines are not vulnerable.
Microsoft states it will take appropriate action, which could be a monthly security update or an out-of-cycle security update. In the meanwhile the company has posted instructions on how to protect your computer against the exploit which includes increasing the security zone settings or disabling active scripting.
