The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer 9 and 10, first reported on February 13 by researchers from security firm FireEye, has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people. Microsoft has released a 'fix it tool' but not a regular patch.
The attacks reported by FireEye and Websense are known as "watering hole attacks" because they involve compromising websites visited by particular groups of people that attackers wish to target. In these particular cases, the targets were U.S. military personnel (the Veterans of Foreign Wars (VFW) website) and French defense contractors (the French aerospace association GIFAS, Groupement des Industries Francaises Aeronautiques et Spatiales).
Fortunately, the attacks were not widespread. They were directed at specific targets: so-called APT (advanced persistent threat) attacks, commonly attributed to rogue government organizations.
Users should either upgrade to Internet Explorer 11, which is not affected by this vulnerability, or install the Fix It solution provided by Microsoft.
There's still no word on when Microsoft will supply a comprehensive fix.