Microsoft’s advisory speaks of “active attacks” and follows a separate note from Google that references the IE flaw “being actively exploited in the wild for targeted attacks.”
IMPORTANT: This is not the MS12-037 that Microsoft just patched this week on Patch Tuesday.
This is a zero-day vulnerability. Both Microsoft and Google have issued warnings regarding it.
There are warnings all over Twitter along the lines of “Warning: State-Sponsored attackers may be trying to compromise your account or computer”.
In lieu of a patch for Internet Explorer to fix this vulnerability, Microsoft has devised a “FixIt” Tool intended to block the attack vector:
Also, according to the ZDNet article:
Microsoft also recommends that Windows users deploy the Enhanced Mitigation Experience Toolkit (EMET), which helps prevent vulnerabilities in software from successfully being exploited.
Either way, it makes great sense to use Microsoft’s “FixIt” Tool to mitigate this zero-day Internet Explorer vulnerability, whether you use Internet Explorer or not.
If you do not wish to use the “FixIt Tool”, you could also use the pre-advisory instructions under the Suggested Actions section to mitigate the problem by disallowing Active Scripting from automatically running on your system (set it to prompt you to allow).
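For anyone going the Active Scripting route, here is a PowerShell sketch that reports the current setting and, with -Apply, switches it to Prompt. It is an added example, not taken from Microsoft's advisory or FixIt. It assumes the per-user Internet and Local intranet zones are the ones to change, and it only warns when a Group Policy value would override the per-user one.

```powershell
# Added example, not from the advisory or the FixIt package.
# IE zone URL action 1400 = Active Scripting; data 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)   # without -Apply the script only reports

$zonePath = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$userBase = "HKCU:\Software\$zonePath"
# Policy locations that take precedence over the per-user value when present
$policyBases = @("HKLM:\SOFTWARE\Policies\$zonePath", "HKCU:\Software\Policies\$zonePath")
# Assumption: these are the zones to harden (1 = Local intranet, 3 = Internet)
$zones  = [ordered]@{ '1' = 'Local intranet'; '3' = 'Internet' }
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ScriptAction([string]$Key) {
    # Returns the DWORD stored under value name 1400, or $null if it is not set
    (Get-ItemProperty -Path $Key -Name '1400' -ErrorAction SilentlyContinue).'1400'
}

function Get-Label($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($labels.ContainsKey([int]$Value)) { return $labels[[int]$Value] }
    return "unknown ($Value)"
}

foreach ($id in $zones.Keys) {
    $key    = Join-Path $userBase $id
    $before = Get-ScriptAction $key

    foreach ($pb in $policyBases) {
        $pol = Get-ScriptAction (Join-Path $pb $id)
        if ($null -ne $pol) {
            Write-Warning "$($zones[$id]): policy under $pb sets 1400 to $(Get-Label $pol) and overrides the per-user value"
        }
    }

    # Only loosen-to-tighten: leave Prompt and Disable alone, change Enable or unset
    if ($Apply -and $before -ne 1 -and $before -ne 3) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name '1400' -Value 1 -Type DWord
    }

    [pscustomobject]@{
        Zone   = $zones[$id]
        Before = Get-Label $before
        After  = Get-Label (Get-ScriptAction $key)
    }
}
```

Run it once without -Apply to see where you stand, then again with -Apply; restart Internet Explorer afterwards so the change is picked up.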