"At this time, we are only aware of limited, targeted attacks against Internet Explorer 10," Dustin Childs of Microsoft's Trustworthy Computing group wrote on a Microsoft blog. "This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message," he said.
The released fix protects against the known attacks that exploit the bug, he said.
"Internet Explorer 11 is not affected by this issue, so upgrading to this version will also help protect customers from this issue," Childs said.