All versions of the browser from IE 6 to 10 are affected, and while the current temporary fix is designed to prevent exploitation of the bug, a permanent fix should be following, ZDNet reported Tuesday.
Microsoft reported the vulnerability "exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."
"This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type," Microsoft's Dustin Childs wrote in a TechNet post.
IE users should set Internet and local intranet security zone settings to "High," he said.
"In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability," Microsoft said in a security advisory release Tuesday.