On February 19, 2014, Microsoft released a security advisory confirming a limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 9 and 10. The exploit is now being used to in mass attacks.
Customers are advised to update to Internet Explorer 11 or apply the Microsoft Fix it solution described in the Microsoft Security Advisory. A security patch has yet to be released.
Microsoft Security Advisory (2934088) Vulnerability in Internet Explorer Could Allow Remote Code Execution