In a rare move that highlights the severity of the security hole in one of the Web's most popular browsers, the US Computer Emergency Readiness Team and its British counterpart tell people to stop using Internet Explorer until Microsoft can fix it. Read on at CNet.com...
From the U.S. Department of Homeland Security
Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Read more...
US-Computer Emergency Readiness Team is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.
US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.
For more details, please see VU#222929.
US-CERT is aware of active exploitation of a vulnerability in versions of Flash Player which could potentially allow an attacker to take control of an affected system. Adobe has released security updates to address these vulnerabilities.
The following updates are available: