Original release date: September 18, 2013
Microsoft has released Security Advisory 2887505 regarding a remote code execution vulnerability (CVE-2013-3893) impacting Internet Explorer versions 6 through 11. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. The Microsoft Fix it solution, “CVE-2013-3893 MSHTML Shim Workaround,” prevents exploitation of this issue.
US-CERT encourages administrators to review Microsoft Security Advisory 2887505 and Knowledge Base article 2887505 and follow best practice security policies to determine which updates should be applied.