In late December, a day one exploit was found in Internet Explorer 6, 7 and 8 that when hackers attacked the website of the Council on Foreign Relations and caused that site to host malicious content. The content was released as a heap spray attack conducted via Adobe Flash. A few days later, Microsoft released a quick "Fix-it" patch that closed the problem.
Today, Microsoft has released a full security update for IE6-8, outside its normal "Patch Tuesday" event. In a post on Microsofts Security Response Center blog, the company said:
... if you previously applied the Fix it offered through the advisory, you do not need to uninstall it before applying the security update released today. However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system.
The post added that while most users will be fine with getting the automatic update, those that choose to manually update their Windows PC should go ahead and download this new security patch "as quickly as possible." As we have reported before, this IE security hole does not appear to be present in IE9 or IE10.
Source: Microsoft Security Response Center blog | Image vi Wikipedia