Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Security Advisory 2757760 to address a vulnerability in Microsoft Internet Explorer 6, 7 , 8, and 9. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted HTML documents (e.g., a web page or an HTML email message or attachment).



US-CERT encourages users and administrators to review Microsoft Security Advisory 2757760. This advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk against known attack vectors.



Additional information regarding CVE-2012-4969 can be found in the US-CERT Technical Alert TA12-262A and Vulnerability Note VU#480095.



Update: Microsoft has released an out-of-band patch to address this vulnerability. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS12-063 and apply any necessary updates to help mitigate the risk.