Zero-Day Attacks on IE8 and IE9 Might Already Be Active in the Wild

Yesterday, we let you know that Microsoft had released a new Security Advisory outlining a potential attack on IE8 and IE9 that would result in remote execution. Overnight, Microsoft has updated the Security Advisory to suggest that an active attack could already be underway.

In the updated Security Advisory Microsoft states they are currently investigating public reports of the vulnerability and that they are aware of targeted attacks that are attempting to exploit the flaw. They also confirm that the vulnerability exists in all supported versions of Internet Explorer, despite the attacks observed for IE8 and IE9.

In the Security Advisory, Microsoft gives a few suggested workarounds and confirms that the Microsoft FixIt Solution (CVE-2013-3893 MSHTML Shim Workaround) does prevent the Internet Explorer defect from being exploited.

Here's the full, updated Security Advisory that also includes the link to the Microsoft FixIt Solution: Microsoft Security Advisory (2887505) - Vulnerability in Internet Explorer Could Allow Remote Code Execution

As noted yesterday, there are a couple other methods to ensure the exploitation doesn't happen, however, for expediency, here's the direct link to the Microsoft FixIt Solution: Microsoft Knowledge Base Article 2887505