Microsoft's newest security advisory (2934088) states:
This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
The exploit was first discovered and published by security firm FireEye, which added that unidentified attackers used it to compromise the website of the U.S. Veterans of Foreign Wars. Microsoft has now released a quick "Fix It" patch that closes the vulnerability in both IE9 and IE10. Older versions of the browser are not affected by this problem. Neither is Internet Explorer 11, which means users of IE9 and IE10 who are running Windows 7, 8 or 8.1 can upgrade to IE11 and be protected from the issue.
Microsoft publishes Fix It patch for critical IE9/10 vulnerability
Posted on Thursday, February 20 2014 @ 11:29 CET by Thomas De Maesschalck