Microsoft has delivered on its promise and has issued a security update that addresses a critical zero-day vulnerability in Internet Explorer version 6 through 9.
It was discovered by security researcher Eric Romang on an Italian hacking tools site, but there have been reports that it has been used to distribute the Poison Ivy Trojan by the same group that exploited the Java zero-day flaw found in the last month.
According to the report, the security update also resolves four privately reported vulnerabilities in Internet Explorer.
If you have enabled automatic update, you don't need to take any action because this security update will be downloaded and installed automatically. If you have not enabled automatic update, you need to check for updates and install this update manually.
About CVE-2012-4969:
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site.
It was discovered by security researcher Eric Romang on an Italian hacking tools site, but there have been reports that it has been used to distribute the Poison Ivy Trojan by the same group that exploited the Java zero-day flaw found in the last month.
According to the report, the security update also resolves four privately reported vulnerabilities in Internet Explorer.
If you have enabled automatic update, you don't need to take any action because this security update will be downloaded and installed automatically. If you have not enabled automatic update, you need to check for updates and install this update manually.