Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. Applying the Microsoft Fix it solution, “MSHTML Shim Workaround,” prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information.
Apply the Microsoft Fix it solution, “MSHTML Shim Workaround”, that prevents exploitation of this issue
See Microsoft Knowledge Base Article 2794220 to use the automated Microsoft Fix it solution to enable or disable this workaround.
On Monday, January 14, 2013, Microsoft is planning to release an out-of-band critical security update for the issue described in Security Advisory 2794220.
The update is to address an issue that affects Internet Explorer versions 6, 7 and 8. Internet Explorer versions 9 and 10 are not affected.
Although Microsoft has seen only a limited number of customers affected by the issue, the potential exists that more could be affected. Thus, it is advised that the update be installed as soon as possible.
If you use Vista and Windows 7, you should already be at Internet Explorer 9. If Windows XP, you should already be at Internet Explorer 8. If that is not the case, please update asap.
Note: The Advance Notice for this update to Internet Explorer versions 6-8 indicated if the Microsoft Fix it was applied, it was not necessary to uninstall it prior to updating IE.
The advice provided now is to disable the Fix it after updating as it is no longer required.