Microsoft is reporting that a serious zero day flaw has been discovered in almost every version of Internet Explorer.
The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
Even more serious is the flaw can still get you if you have User Access Control enabled in Vista. Microsoft is suggesting at this time to set your security level to high for the Internet security zone, or disable active scripting. These are nice measures, but they still do not guarantee that you are safe from this flaw.
Microsoft has not yet said if they will do another out of band release, but it seems like it is serious enough that they will – once they engineer a fix that won’t break everything.
So my suggestion is (If you can) use FireFox, or another third party browser. Once the bad guys know this flaw exists they will do everything they can to exploit it.
Here are a few more informative links on the issue:
Technet clarification to workaround
Original Security Advisory from Microsoft
One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools