Microsoft Security Advisory 2488013 for the publicly-disclosed Internet Explorer CSS vulnerability is updated. It now reflects the fact that limited attacks attempting to exploit this vulnerability are present in-the-wild. It also includes a new workaround that can help protect your computers until a security update is available.
“This workaround is an MSI package (Microsoft “FixIt”) that uses Windows application compatibility toolkit to make a small change to MSHTML.DLL every time it’s loaded by IE. This change causes IE to refuse to import a CSS style sheet if it has the same URL as the CSS style sheet from which it’s being loaded. Simply put, the workaround inserts a check to see if a style sheet is about to be loaded recursively, and if it so, it aborts the load of the style sheet. Read more about Windows infrastructure,” explains Microsoft.
It’s important to note that the workaround will protect IE only if the latest security updates have been applied, including MS10-090.
To install the workaround, click here.
If you’d like to uninstall the workaround after you’ve installed it, click here.