Microsoft has taken a look at the exploits taking advantage of the zero-day vulnerability discovered in versions 6, 7, 8, and 9 of Internet Explorer, and has released a "Fix It" tool and promised that an out-of-band update will arrive on Friday.
The vulnerability, which was discovered by security researcher Eric Romang as he was examining an unrelated Java zero day, has already attracted attention from Microsoft. Without a tailored patch available, the Redmond, Washington, company pointed its users toward its existing Enhanced Mitigation Experience Toolkit (EMET), which it says will prevent hackers from gaining illegitimate access.
German officials from the country's Federal Office for Information Security are taking no chances, and have said that users should simply stop using Internet Explorer for the time being.
Microsoft stands by its recommendation of EMET, saying in a TechNet post that it offers a "good set of additional migrations for Internet Explorer than thwart many of the attacks in the wild." Its confidence comes from its analysis of samples in the wild that are attempting to exploit the zero day.
So far, it has only seen attacks on 32-bit versions of Internet Explorer and those that rely on third-party browser plug-ins.
"In the current situation, the chances of successful exploitation via the current attacks on Windows Vista and 7 strongly depend on the presence of these plug-ins on the targeted computers."
Despite its confidence, the company also asked the public to let it know if there are any cases where EMET is not helping to mitigate attacks.
The company also released the Fix It tool that it previously promised, but with the caveat that the protection it provides only works if the latest security updates have been applied. It is similar to the update that it is promising will arrive on Friday.