Last night it posted an advisory bulletin for the vulnerability in Internet Explorer – that appears to affect every version of IE except version 5.
Microsoft said: “The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for this invalid pointer to be accessed after an object is deleted.”
Microsoft added it was aware of limited attacks attempting to use the vulnerability and is monitoring the level of threat it poses.
Microsoft may include a security update to patch the bug in the future. You can read what its advice is, here.