In lieu of a fix, Microsoft offers workarounds to combat the bug that has left browser users open to attacks.
Microsoft has yet to patch its latest critical Internet Explorer zero-day security flaw, but an advisory about the bug now offers two temporary solutions.
Updated on Monday, Microsoft Security Advisory 2963983 offers new information about the new zero-day vulnerability that affects all versions of Internet Explorer. The flaw could allow remote code execution and has already been used in "limited, targeted attacks," Microsoft revealed, though those attacks have so far affected only IE versions 9, 10, and 11.
The potential reach of the bug could be widespread. Estimates of IE usage range from about 22 percent of people browsing the Web (StatCounter) to more than half of the desktop browser market (NetMarketShare).
The vulnerability is so severe that even US and UK security agencies have cautioned people using IE for now.
So what does Microsoft suggest for people who still need to use Internet Explorer? Turn on a feature called Enhanced Protected Mode. Introduced in IE 10, this mode adds an extra layer of protection by preventing malware attacks from infecting your system.
Microsoft explains how to enable Enhanced Protected Mode (EPM) in the "suggested actions" section of its advisory. The steps are outlined as follows:
EPM is saddled with a couple of limitations. The feature supports only IE 10 and 11 and only 64-bit versions of Windows. And some websites and add-ons won't work with EPM enabled.
How do you protect yourself if you're running an older version of IE or use a site that doesn't play nicely with EPM? You can unregister an associated IE DLL file called VGX.DLL. Microsoft explains how to unregister this file in the suggested actions section.
Until Microsoft can patch this bug, the best option is to use an alternate browser such as Firefox or Google Chrome. But those of you stuck on IE can at least better protect yourself by following Microsoft's suggestions.