This new warning encourages users to avoid key targeted attacks in progress that affect older versions of their browser. Key Microsoft resources for Microsoft Advisory 2794220 are noted below:

QUOTE: In this particular vulnerability, IE attempts to reference and use an object that had previously been freed. The components of an exploit for such a vulnerability are typically the following:

*  JavaScript to trigger the Internet Explorer vulnerability

*  Heap spray or similar memory preparation to ensure the memory being accessed after it has been freed is useful

*  A way around the ASLR platform-level mitigation

*  A way around the DEP platform-level mitigation

We’ve analyzed four exploits, all the targeted attacks we have seen. They are all very similar:

*  Obfuscated JavaScript to trigger the vulnerability

*  Flash ActionScript-based heap spray

*  ASLR bypass using either Java6 MSVCR71.DLL or Office 2007/2010 hxds.dll

*  DEP bypass via chain of ROP gadgets (different ones depending on ASLR bypass)
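
The ASLR bypasses listed in the quote depend on DLLs that load at a predictable address because they were not built with the ASLR opt-in flag. The following added example (not part of the quoted Microsoft text or of this post) reads the `DllCharacteristics` field of a PE header so a defender can list modules that lack the ASLR and DEP opt-in bits; the module names and header bytes are constructed samples, not real DLLs.

```python
import struct

# DllCharacteristics bits defined in the PE/COFF specification.
DYNAMIC_BASE = 0x0040   # image opts in to ASLR (/DYNAMICBASE)
NX_COMPAT = 0x0100      # image opts in to DEP (/NXCOMPAT)


def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if pe_off + 24 + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    opt = pe_off + 24                     # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # The field sits at offset 70 of the optional header in both formats.
    (flags,) = struct.unpack_from("<H", image, opt + 70)
    return flags


def audit(name: str, image: bytes) -> dict:
    flags = dll_characteristics(image)
    return {"module": name, "aslr": bool(flags & DYNAMIC_BASE),
            "dep": bool(flags & NX_COMPAT)}


def make_pe(flags: int) -> bytes:
    """Constructed sample: the smallest header layout the parser accepts."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + b"\0" * 20
    opt = struct.pack("<H", 0x10B) + b"\0" * 68 + struct.pack("<H", flags)
    return dos + coff + opt


SAMPLES = {  # constructed inputs; hypothetical module names
    "legacy_plugin.dll": make_pe(0x0000),
    "hardened.dll": make_pe(DYNAMIC_BASE | NX_COMPAT),
}


def non_aslr(modules: dict) -> list:
    """Names of modules that did not opt in to ASLR."""
    return sorted(n for n, img in modules.items() if not audit(n, img)["aslr"])


if __name__ == "__main__":
    for name, img in SAMPLES.items():
        print(audit(name, img))
```

To audit real files, pass the bytes of each DLL loaded into the browser process to `audit()` in place of the constructed samples.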