The security hole in Internet Explorer that went unpatched earlier this week is apparently more serious than originally believed, with Microsoft now saying the flaw affects all versions of the browser. In a revised security advisory the company spelled out the root of the problem, saying that the bug is in IE's data binding functionality and, contrary to earlier reports by independent security researchers, not in the HTML rendering code.
Microsoft is trying to get to the bottom of the issue but, in the meanwhile, is offered users some tips on how to prevent the zero-day attacks such as making sure their Internet security settings are set to “high” so that IE will prompt before running any ActiveX controls or active scripting. Additionally, the company is recommending users to disable active scripting altogether and enable Data Execution Prevention. Further details on how to stay safe are available here.