Microsoft announced today that have issued an out-of-band security update to fix the Internet Explorer vulnerability discussed in Microsoft Security Advisory 2963983. This vulnerability is actively being used in targeted attacks and allows remote code execution on the affected computers. Today’s KB2964358 update will patch this vulnerability so that users of Internet Explorer are no longer affected. In a surprise move and a testament to the danger posed by this vulnerability, Microsoft released a patch for Windows XP users even though it is no longer officially supported.
This KB2964358 security update is currently available via Windows Update and all users, whether you use Internet Explorer or not, are encouraged to install it. To install the update, please open Windows Update and click on the Check for Updates option. Once Windows Update has finished checking, you should see a new update titled Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2964358). Please select that update and install it immediately.
If you do not see the update installed, check to see if it is installed by clicking on the View Update History option.
Microsoft has also announced that malware is being distributed via email that is claiming to be this update. If you receive an email that is supposedly from Microsoft and that contains an executable please do not run it. Microsoft will never distribute security updates via email.