Microsoft has recently confirmed that Internet Explorer 9 and 10 are affected by a new vulnerability and released a new Fix it solution that prevents the exploitation of the flaw.
The company says that it’s now working with partners to release a full-time patch for the vulnerability, saying that it might release a fix through the monthly security update release process or an out-of-cycle security update, depending on the number of exploits it receives.
“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft said.
“An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Users of any other IE version are on the safe side, Microsoft said, while those running IE10 and IE9 should get the Fix it solution to patch their browsers.