https://www.computerworld.com/s/article/9235097/Microsoft_confirms_zero_day_bug_in_IE6_IE7_and_IE8
Microsoft confirms zero-day bug in IE6, IE7 and IE8
Second time in two years it's had to deal with late-December vulnerabilities
Microsoft on Saturday confirmed that Internet Explorer (IE) 6, 7 and 8 contain an unpatched bug -- or "zero-day" vulnerability -- that is being used by attackers to hijack victims' Windows computers.
http://support.microsoft.com/kb/2458544
Reporting
With EMET 3.0, we have included an additional new reporting capability that we call "EMET Notifier". When you install EMET 3.0, this lightweight component is set to automatically start with Windows. It will show up in the notification area of your taskbar with an EMET 3.0 icon.
EMET Notifier has two duties:
Write events out to the Windows Event Log
Show important events via a tooltip in the taskbar notification area
EMET Setup.msi 6.0 MB
How do I use EMET to protect my software?
After you install EMET, you must configure EMET to provide protection for a piece of software. This requires you to provide the name and location of the executable file that you want to protect. To do this, use one of the following methods:
and get Firefox and it fix or if you like hard work do it with the microsoft windows Fix workarounds and mitigations or get Chrome_25
https://www.networkworld.com/news/2012/123012-microsoft-confirms-zero-day-bug-in-265412.html
https://www.networkworld.com/news/2012/123012-microsoft-confirms-zero-day-bug-in-265412.html?page=2
The shim will be used as the foundation for a soon-to-be-shipped "Fixit," Microsoft's name for the one-click workarounds it often publishes to automate processes, including security mitigations, that most users would feel uncomfortable doing on their own.
To apply the available shim, for instance, users must download the small files from the SRD blog, then enter one or more strings in Windows' Command Prompt.
Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you from this issue.
While we are actively working to develop a security update to address this issue, we encourage customers using affected versions of Internet Explorer to deploy the following workarounds and mitigations included in the advisory to help protect themselves:
Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Deploy the Enhanced Mitigation Experience Toolkit (EMET)
This will help prevent exploitation by providing mitigations to protect against this issue and should not affect usability of websites. An easy guide for EMET installation and configuration is available in KB2458544.
# 1 Get EMET # 2 Get Firefox, Chrome or Opera # 3 You not need to do shim if you do that