Over the weekend, Microsoft announced a new zero-day vulnerability found in every version of Internet Explorer as far back as 6.0. The TechNet advisory points out that the issue is still being researched and that the bug could allow an attacker to execute code remotely.
Microsoft states that the vulnerability “may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
This attack has been confirmed to be in use in the wild. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. The vulnerability is also present in older Windows versions, where it may not be patched, leaving Windows XP security in question.
Netmarketshare reports that affected Internet Explorer versions represent approximately 56 percent of the browser market.
It is recommended that IT administrators follow the workarounds in the advisory until a patch can be released, and take the steps necessary to limit their exposure.