The Microsoft Security Response Center announced in a security advisory today that an issue exists in Internet Explorer 8 and 9, and potentially all Internet Explorer versions from IE6 to IE11, that could allow remote code execution. The remote code could be executed if an Internet Explorer user browses to a web site that contains malicious content. Microsoft's advisory encourages concerned users to do the following:
- Apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," that prevents exploitation of this issue
See Microsoft Knowledge Base Article 2887505 to use the automated Microsoft Fix it solution to enable or disable this workaround.
- Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Internet Explorer to prompt before running Active Scripting or to
disable Active Scripting in the Internet and local intranet security
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
For more information about this issue, please visit:
Hackers exploit critical IE bug; Microsoft promises patch [Computerworld]