Microsoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. By convincing a user to view a malicious a web page or an HTML email message or attachment, an attacker may be able to execute arbitrary code.
Users should upgrade to Internet Explorer 11.Windows XP users will not be able to upgrade past Internet Explorer 8. If you are unable to upgrade past Internet Explorer 8 should do the following:
- Use the Microsoft Enhanced Mitigation Experience Toolkit. The Microsoft Enhanced Mitigation Experience Toolkit (EMET) can be used to help prevent exploitation of this vulnerability.
- Disable ActiveX and Active Scripting
- Set the Internet security zone setting to “High” to block ActiveX Controls and Active Scripting.