We have updated Security Advisory 2749920 to include the Fix it we discussed in Saturday’s blog post.  This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally, applying the Fix it does not require a reboot. While we have still observed only a few attempts to exploit this issue, we encourage all customers to apply this Fix it to help protect their systems.

We continue to work on a security update to address this issue and we’re closely monitoring the threat landscape. If the situation changes, we will post updates here on the MSRC blog and on Twitter at @MSFTSecResponse.

Thank you,

Dustin Childs
Group Manager, Response Communications
Trustworthy Computing