The zero-day exploit have been Dubbed as "Operation Clandestine Fox" by FireEye, is currently targeting only users of Internet explorer 9 through IE11.
To get infected by malware, user don't need to open a suspicious email attachments. A simple visit to malicious webpage loaded with this IE exploit code will deliver the malware into your system.
According to FireEye report, the exploit page loads a malicious flash file(.swf) that calls javascript in IE to trigger the IE vulnerability. The reason why attackers used the flash file is to make the attack successful bypassing the ASLR and DEP Protections.
What do you can do to protect yourself?
Microsoft didn't mention when it is going to release the patch. But, it has issued few workarounds for IE users.
One of them is to use the Enhanced Mitigation Experience Toolkit(EMET), a free software from Microsoft that will help in mitigating the exploitation of vulnerabilities by adding additional protection layers.
Micorosof also suggested few other workarounds such as disabling IE extension VGX.dll by entering the following command in cmd:
"%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
