Microsoft released Security Advisory 2963983 which relates to a vulnerability in Internet Explorer.
With the vulnerability, an attacker could cause remote code execution if someone visited a malicious website with an affected browser. Generally, this would occur by an attacker convincing someone to click a link in an email or instant message.
Although the vulnerability affects all versions of IE, at this time, Microsoft is aware of limited, targeted attacks, in which the exploit observed appears to target IE9, IE10 and IE11.
Recommendations are available in
Microsoft Security Advisory 2963983 as well as my blog post,
Security Advisory 2963983, IE Zero-Day Vulnerability which includes additional references.
