The Redmond-based technology company has also confirmed that Internet Explorer 9 and 10 are not affected by the flaw, so the Fix it tool must only be downloaded by those still using IE8 or older.
“We encourage customers to apply the Fix it, an easy, one-click solution offered with Security Advisory 2794220, to help ensure maximum protection. Additionally, customers should ensure their anti-malware solution is up-to-date and follow good network hygiene practices, such as enabling a firewall, for added protection against threats,” Dustin Childs, group manager, Microsoft Trustworthy Computing, told us in a statement.
According to Microsoft, the bug allows remote code execution if users browse to a malicious website with one of the affected IE versions. A security update that would completely patch the bug is expected on the next Patch Tuesday cycle.