alertMicrosoft has issued a security advisory for the zero day vulnerability that I reported on a few days ago here on Patch Central. You can find it at http://technet.microsoft.com/en-us/security/advisory/2934088.

 

The advisory provides more information about this remote code execution vulnerability that affects only IE 8 and 10. The good news is that the vulnerability is mitigated by the enhanced security configuration in which IE runs on Windows Server operating systems. As long as you’re running IE in this default configuration on your servers, and haven’t added the web site hosting malicious content to the Trusted Sites zone, these operating systems are unlikely to fall prey to this exploit.

 

We reported previously that you can install the Enhanced Mitigation Experience Toolkit (EMET) to mitigate the effects of this vulnerability. In addition, Microsoft has created a “Fix It” solution that can act as a workaround for this problem. This enables the MSHTML shim. You have to install the latest updates for your version of IE (9 or 10) before applying the Fix It. You’ll find the Fix It link here:

 

http://support.microsoft.com/kb/2934088/en-us

 

The workarounds are not a substitute for a subsequent security update to patch the vulnerability but will provide protection for your systems until Microsoft releases a patch.