A posting from Dark Reading in there Attacks and Breaches section:
Security experts are urging users to apply newly released mitigations as a stop-gap while waiting for Microsoft to patch a newly discovered critical vulnerability in Internet Explorer.
Microsoft rushed out a Fix It tool yesterday in lieu of a patch after reports surfaced that attackers were using the vulnerability to target Internet Explorer 8 and 9. According to Microsoft, the vulnerability exists in the way that IE accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability could corrupt memory in a way that could permit an attacker to execute code in the context of the current user within IE.
An attacker could exploit this issue through drive-by downloads, either by compromising a legitimate site or tricking a victim into clicking a malicious link in an email or instant message.
“It’s not clear how many legitimate sites, if any, may have been found serving this malware, but Microsoft is definitely taking notice,” says Ross Barrett, senior manager of security engineering at Rapid7. “Considering the timing, I would personally expect to see an out-of-band patch from Microsoft.”
Noting that the issue is believed to be present in all supported versions of Internet Explorer, he adds that it is possible that the vulnerability has been targeted for some time.
To read more click here: