Microsoft announced on its blog on December 29, 2012, that there was a security vulnerability with Internet Explorer 8 that could allow remote code to be executed by computers using IE 8 if a website with malicious code installed is visited. The Los Angeles Times reported that the website for Washington, DC, based think tank Council on Foreign Relations had the malicious code on its site as early as December 21st and was infecting all affected computers that visited the site since that time.
The security advisory referenced in the blog post is #2794220. That advisory indicates that IE 6 and IE 7 are also vulnerable to these attacks, but versions 9 and 10 are not because they do not contain the same lines of code that created the vulnerability. However, neither of these version are an option for those using Windows XP.
On December 31, 2012, Microsoft posted two Microsoft “Fix it” patches. The page contains information on how to install these patches on computers running one of the affected versions of Internet Explorer.
If you are using Internet Explorer versions 6, 7, or 8, you need to install the patches provided to block the security vulnerability if you cannot upgrade to IE 9 or 10 (not an option for Windows XP users). You can determine which version of Internet Explorer you are using by clicking on the “Help” menu or Help icon and select “About Internet Explorer.”