The company says it has recorded only a limited number of attacks
“We encourage customers to apply the Fix it, an easy, one-click solution offered with Security Advisory 2794220, to help ensure maximum protection. Additionally, customers should ensure their anti-malware solution is up-to-date and follow good network hygiene practices, such as enabling a firewall, for added protection against threats,” Dustin Childs, group manager, Microsoft Trustworthy Computing, told us in a statement.
According to Microsoft, the bug allows remote code execution if users browse to a malicious website with one of the affected IE versions. A security update that would completely patch the bug is expected on the next Patch Tuesday cycle.