Last week, Microsoft confirmed that a zero-day exploit had been discovered in Internet Explorer 10 and was being used in at least one cyber attack in the wild. Today, the company issued a formal security warning about the exploit and confirmed that it also affects IE9.
Microsoft's newest security advisory (2934088) states:
"This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message."
The exploit was first discovered and published by the FireEye security firm, which added that unidentified attackers used it to compromise the website of the U.S. Veterans of Foreign Wars. Microsoft has now released a quick "Fix It" patch that will block the exploit in both IE9 and IE10. Older versions of the browser are not affected by this problem. Neither is Internet Explorer 11, which means users of IE9 and IE10 who are running Windows 7, 8 or 8.1 can upgrade to IE11 and be protected from the issue.
Microsoft will release a permanent security patch for both browsers in the near future, most likely during March's "Patch Tuesday" event.
Source: Microsoft