But the Fix it route will be easiest for most people: Microsoft offered the tool on its support site, and customers need only click the icon on the left, the one marked "Enable MSHTML shim workaround." Microsoft has used the shim approach before when faced with unexpected attacks against IE, most recently last September.
Based on past practice, Microsoft's Fix it workaround probably uses the Application Compatibility Toolkit to modify the core library of IE -- a DLL (dynamic link library) named "Mshtml.dll" that contains the browser's rendering engine -- in memory each time IE runs. The shim does not quash the bug, but instead makes the browser immune to the attacks Microsoft has seen in the wild so far.
Users can also ditch IE for an alternate browser such as Google's Chrome or Mozilla's Firefox to stay safe until Microsoft comes up with a permanent fix, or if they're able, upgrade to IE11, which does not contain the bug. Windows 7, Windows 8 and Windows 8.1 users can run IE11, but those still stuck on Windows Vista cannot, because the 2007 operating system maxed out at IE9, one of the two versions vulnerable to attack.
According to Web measurement company Net Applications, about a third of all those people using IE are running either IE9 or IE10; approximately 16%, or one in every six IE users, run IE10, the version that has been targeted by cyber criminals.
Storms was mystified by some aspects of the vulnerability, particularly Microsoft's contention that, "We are not aware of any elevation of privilege or sandbox escape vulnerability being used to 'break out' of the Internet Explorer Protected Mode sandbox."
Protected Mode is Microsoft's label for the IE "sandbox," a technology to isolate the browser from the rest of the system so that if a successful exploit does hack the browser, the attack code should not be able to plant malware on the PC. Protected Mode has been a feature of IE since IE7, which debuted in 2006.
"Even after the exploit gains code execution, it still needs a non-trivial element to result in a persistent compromise of the computer," Microsoft's Sikka wrote on the Security Defense & Research blog.
If a sandbox escape was not part of the exploit, Storms and others wondered how the attackers had managed to plant malware on the compromised machines. When asked what that meant, Storms replied, "It means there is something they aren't telling us."
Chaouki Bekrar, CEO of French vulnerability research lab and zero-day seller Vupen, had wondered much the same last week. "Usual question about yesterday's CVE-2014-0322 in the wild. How can it install EXE without IE sandbox bypass, any bypass there?" Bekrar asked in a Feb. 14 tweet directed at FireEye.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.