A security vulnerability in Microsoft's Internet Explorer 9 and Internet Explorer 10 browsers has left millions of PC users open to infection from a handful of compromised websites. To protect your system, you can install a simple stopgap repair, but don't expect a full fix until next month.
The flaw is a zero-day remote-code-execution bug that leaves PCs open to attack. The method, if not the malware, is similar to that of the current Adobe Flash Player zero-day attack campaign against visitors to certain foreign-policy websites. Hackers have used this zero-day exploit to infect the website of the Veterans of Foreign Wars, among others.
In the case of the Microsoft vulnerability, malefactors took advantage of the flaw before developers could address it, and snuck malware onto certain websites without site administrators' knowledge.
Microsoft will not release a full patch for this vulnerability until next month's Patch Tuesday, at the earliest.
That said, if you use Internet Explorer 9 or 10 — available for Windows Vista, 7 and 8 — you don't have to leave your system undefended. Microsoft has made a "Fix it" available, which offers a jerry-rigged, stopgap patch until a full one emerges. The method of delivery is inconvenient, but the "Fix it" itself is sound.
To install the Fix it, first ensure that your Windows system is up to date. You can do this by going into the Control Panel from the Start menu and opening the Windows Update program. (It may be grouped under System and Security.)
Click "Check for updates" in the left-hand navigation bar. Once Windows Update has completed the update check, it will tell you whether there are any critical or important updates to be made.
If there are, then select them and hit "OK" in the bottom right of the dialogue box. You may have to reboot your system.
After updates are completed, visit Microsoft's Fix it page for this issue. You'll see a Fix it logo underneath a heading that reads "Enable MSHTML shim workaround." Click "Fix this problem." The solution number is 51007.
The Fix it program will then walk you through its installation, and leave you protected from this zero-day exploit. When Microsoft releases a full patch in the future, it will automatically override the Fix it.
Should you find that the Fix it does not sit well with your system, you can always visit the page again and install Fix it 51008, which undoes the patch you just installed.
Alternatively, if you're running Windows 7 or 8, you can simply upgrade your browser to Internet Explorer 11, which is not affected by this flaw. If you're running Windows Vista, a better solution might be to switch to a non-Microsoft browser until Microsoft issues a full patch.