They put an exploit in, they put a patch out, they put an exploit in and users turn themselves about… You get the idea (sorry, I know it’s bad)…
IE users (and Microsoft) are having a particularly bad couple of weeks. First the VML issue became critical and widespread, with all the associated user confusion of the work-arounds and such. Microsoft then releases an out-of-cycle patch, only to be one-upped by attackers who almost immediately release a reworking of a formerly DoS attack into yet another remote code execution bug in IE.
As with VML, this new “old” bug is likely to be widespread and adopted into various bot and browser vulnerability frameworks. Basically, continuing to make it even more unsafe for users to browse the web at large than before…Blah, Blah, Blah… Just as before, repeat – because apparently “that’s what it’s all about”.
In the meantime, while we wait on patches for this latest IE exploit, do the usual. Try and educate users about safer browsing choices, reinforce the idea of enclave computing with your management team, harden your browsing environment as much as possible and make sure IDS/IPS signatures and AV/Spyware signatures are up to date.
Oh, and if you have time, learn the hokey pokey dance. It’s helpful at weddings and looks like it might be a good skill to have for the coming months!