During the interim, Microsoft is recommending two stopgap measures. The first involves setting the security levels for both the Internet zone and the local zone to high. The objective is to disable ActiveX controls and Active Scripting on the machine.
"Running the Internet zone like that is generally fine and a good idea," said nCircle's Storms. "But putting the local zone into a high-security mode generally comes with some unexpected consequences. Some business applications may not function correctly with that setting because they generally use things like ActiveX scripting."
Microsoft's second piece of advice is to use the company's Enhanced Mitigation Experience Toolkit (EMET), which it believes could block most of the attacks without adverse impacts elsewhere on the system. According to BeyondTrust’s Maiffret, preliminary testing indicates that this countermeasure is successful in at least some scenarios.
A prompt response is advised. With the exploit now integrated into Metasploit and similar kits, the attack vector becomes much more inviting to a much wider range of cyber criminals.
"The last few zero days we've seen have been quickly added into the everyday exploit toolkits," said Maiffret. "When these things are used in targeted attacks, they typically impact a limited number of companies. But, once they are in the kits, the fallout can be a lot worse. We're now in a situation where basically anyone can do it. It's point and click easy."
PUBLISHED SEPT. 18, 2012
This story was updated on Sept. 18, 2012, at 5:00 p.m. PST, in order to note that Yunsun Wee, director of Microsoft Trustworthy Computing, issued a statement Tuesday afternoon indicating that a patch would be available "in the next few days."