New vulnerability that was disclosed during the end of December and confirmed by Microsoft as a security flaw in Internet Explorer is still unpatched. The vulnerability affected versions 6, 7 and 8 of Internet Explorer while handling recursive cascading style sheets (CSS).
The number of websites that are reported to be compromised and are having malicious web pages that exploit this new bug has increased. Since the patch is not yet released it may not be too far to see this exploit going wild.
Looking at the trend Microsoft has released a temporary fix until they come out with a permanent patch. This temporary fix is a workaround which can be implemented to protect until a patch is released. It comes in the form of a tool (Fix It) that causes IE to reject recursive CSS pages. For this work around to be effective one has to apply all existing security updates first. For more details please visit Microsoft Support webpage that released the Fix It yesterday.
This temporary patch does not get installed automatically and one has to visit the Microsoft Support page, download the fix and apply by following the instructions given on their page.