“This will make it easier to convince IT management of the robustness and applicability of the exploit,” he wrote in a blog post.
Microsoft recommends installing its free enhanced mitigation experience toolkit (Emet) to mitigate the vulnerability, or disabling active scripting.
Emet, first released for public use in September 2010, gives enterprises the means to protect against unknown vulnerabilities and brings newer security protections to older platforms and applications, both Microsoft and non-Microsoft.
Alternatively, Kandek said organisations can upgrade to Internet Explorer 9, which is not affected by the vulnerability.
With Microsoft’s monthly Patch Tuesday security update just a week away, Kandek said it is unlikely that a patch for the vulnerability will be ready on time.