Unpatched Internet Explorer bug causes Microsoft to issue a security advisory for Internet Explorer 9 and previous versions. The in-the-wild exploit can install the Poison Ivy trojan; malware used to steal data or take remote control of PCs.

The issue does not impact Internet Explorer 10, the version of IE that will ship next month in Windows 8. Microsoft Security is offering a cumbersome work around but there is currently no fix.

Today Microsoft released Security Advisory 2757760 to address a targeted issue affecting some versions of Internet Explorer,” a Microsoft representative told me. “The Microsoft Security Response Center (MSRC) blog contains more information about the advisory and some customer guidance.

IE10 is the only unaffected version, and it’s only available with Windows 8 (which isn’t available to the public yet). This is a HUGE deal because all of the affected browsers accounted for 53% of all browsers used worldwide in August.

Until a patch is available, Microsoft recommended that users block attacks with EMET 3.0 (Exploit Mitigation Experience Toolkit), boosting IE’s security zone settings to “high,” and configuring the browser to display a warning before executing scripts. That’s a lot of work and likely out of the reach for many PC users. The danger in a zero day vulnerabilities is that they appear in the wild before patches are made available. So… switch over to Chrome or FireFox folks!

Microsoft Security Response Center blog post