Microsoft has released details of a method users of Internet Explorer can use to secure their computers from a recently discovered exploit allowing malicious code to run on a PC.
Microsoft has admitted to the bug, which it says hurts Internet Explorer versions 6 through 9, but leaves IE 10 alone. The flaw is described as follows:
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
The remedy is detailed in Security Advisory 2757760, where it says that there's no outright fix for the issue at present, but that users can work around the threat by deploying the Enhanced Mitigation Experience Toolkit (EMET), described as "... a utility that helps prevent vulnerabilities in software from successfully being exploited by applying in-box mitigations such as DEP to applications configured in EMET."