Microsoft Security Advisory (2934088)

by Carol~ Moderator - 2/19/14 8:28 PM

As per Dustin Childs @ the Microsoft Security Response Center (MSRC):

19 Feb 2014 3:10 PM

Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

As part of the security advisory, we have also included an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code and should not affect your ability to browse the web. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 9 and 10 to apply this Fix it to help protect their systems. The Security Research and Defense blog provides greater technical insight into the issue and how the Fix it helps protect customers.

Internet Explorer 11 is not affected by this issue, so upgrading to this version will also help protect customers from this issue.

Continued : http://blogs.technet.com/b/msrc/archive/2014/02/19/microsoft-releases-security-advisory-2934088.aspx

See:
Microsoft Security Advisory 2934088 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

* * * * * * * * *
Note:
In the Microsoft Advisory 2934088 (Suggested Actions > Workarounds) and Security Research and Defense blog, the Enhanced Mitigation Experience Toolkit (EMET) is also suggested as an effective way to block the targeted attacks.