Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is actively working with partners to monitor the threat landscape and take action against these malicious sites that attempt to exploit this vulnerability.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2847140. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate risk against known attack vectors.
US-CERT will provide additional information as it becomes available.