All supported versions of Internet Explorer are vulnerable to a zero-day Exploit that is currently being exploited in
targeted attacks against IE 8 and IE 9, dubbed "CVE-2013-3893 MSHTML Shim Workaround".
Microsoft confirmed that the flaw was unknown before the attacks and that it is already working on an official patch,
meantime Microsoft released an emergency software fix for Internet Explorer (IE) Web browser.
Advisory noted that Microsoft is investigating public reports of a
remote code execution vulnerability in Internet Explorer.
This issue could allow remote code execution if an affected
system browses to a website containing malicious content
directed towards the specific browser type. Victims could be
infected despite the adoption of all necessary countermeasures
due the nature of the flaw previously unknown.
The flaw that has been recently targeted by hackers during
attacks is considerable serious and complicated to fix. Statesponsored hacking groups are often willing to pay hundreds of
thousands of dollars for zero-day vulnerabilities in widely used software such as Internet Explorer.
In the specific case if the attacker successfully exploited the zero-day vulnerability could gain the same user rights
as the current user, due this reason MS confirmed that whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with administrative user rights.
Microsoft's advisory also says that EMET (the Enhanced Mitigation Experience Toolkit) may be used to mitigate
against the vulnerability.