Microsoft issued Security Bulletin MS15-093 today with a security update for a vulnerability (CVE-2015-2502) in Internet Explorer. The vulnerability could allow for remote code execution if a user views a specially crafted web page using Internet Explorer. If an attacker successfully exploited the vulnerability, they could gain the same user rights as the current user. Microsoft’s security update helps resolve this issue by modifying how Internet Explorer handles objects in memory.
Symantec customers are protected against this vulnerability with the following detections:
Antivirus
Intrusion Prevention System
Symantec advises that users take the necessary precautions provided in the advisory and apply the patch. We also recommend that users avoid clicking on links from unknown senders in instant messages or emails, and avoid opening unexpected attachments sent through email.
We will continue to investigate this vulnerability and provide more details as they become available.