Microsoft’s Yunsun Wee, Director Trustworthy Computing Group says to take heed if you are using Internet Explorer 9 or earlier versions. The security advisory warns that websites hosting malicious code are a danger to your computer. Microsoft has deployed a work around however until they thoroughly address the problem. IE 10 is apparently not affected.
User should deploy Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) which attempts to prevent hackers from gaining access to your system. It is available free from the Microsoft site. Following installation, you would set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting. Also, you should configure the browser to prompt you before running Active Scripting. Alternately, you can disable Active Scripting in the Internet and local intranet security zones.
The EMET works with Windows XP, Vista, and Windows 7, and Windows Servers 2003 and 2008 – depending on which service packs you have been loaded.
These are interim measures while Microsoft works to fix the problem. Don’t rely on this temporary solution entirely. Continue to use common sense Internet practices. Be cautious when accessing a website, don’t click on suspicious links, nor open emails from senders you don’t recognize. Necessary protective measures include establishing a firewall plus keeping anti-virus and anti spyware current.
Poison Ivy as this bug is being called is supposedly a zero day vulnerability which will infect and take control of your PC. Microsoft’s EMET is considered by some as cumbersome to implement or not a feasible option for some businesses. It has been suggested that users stop using IE until a permanent fix is available. Instead switch to another browser – such as Firefox, Chrome or Opera.