Over the weekend, security company FireEye reported an unpatched vulnerability in Internet Explorer which was being used in a targeted zero-day attack against users of a particular web site.

Today, Microsoft announced that the vulnerability will be patched Tuesday in one of their already-scheduled updates. Microsoft says the vulnerability, which has been given the ID CVE-2013-3918, affects an Internet Explorer ActiveX control, but the update that will fix it, Bulletin 3 or MS13-090, is identified as an update to Windows.
Microsoft identifies mitigation techniques, but under the circumstances (highly-targeted attack, patched tomorrow) it's probably not worth resorting to them.
Join Discussion