UPDATE: Microsoft has now stated that there are known attacks in the wild for IE8 and IE9. They have also confirmed that this issue does, indeed, affect all versions of Internet Explorer. The Security Advisory has been updated to reflect the new information.
Today, Microsoft has released some information regarding a new vulnerability in Internet Explorer 8 and 9 that could allow remote execution. Actually, IE8 and IE9 was listed in the new security advisory, but Microsoft also suggests the issue could "potentially affect all supported versions" of Internet Explorer. Microsoft will know for sure once the issue is investigated.
Until a security update is available, Microsoft has provided a set of workarounds to ensure computers are not affected by the risk. The workarounds include:
- A Microsoft FixIt solution that must be run manually on each PC.
- Setting Internet Explorer's local intranet security zone setting to "High," so that ActiveX controls and Active Scripting is blocked.
- Configuring the Internet and local intranet security zones so that Active Scripting either prompts before executing, or so that it is disabled altogether.
Read through the full Security Advisory: Vulnerability in Internet Explorer Could Allow Remote Code Execution (2887505)