HP‘s (HPQ’s) Zero Day Initiative (ZDI), a program that rewards security researchers for responsibly disclosing vulnerabilities, this week released details about a new Microsoft (MSFT) Internet Explorer (IE) flaw.

Microsoft was told about the zero-day vulnerability in October, ZDI said. The IE exploit is the second of its kind reported in less than a month.

The new vulnerability affects IE 8 users and allows remote attackers to execute arbitrary code on affected versions of the web browser.

ZDI described the vulnerability’s impact on IE 8 users in a security advisory:

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit [vulnerabilities] through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.”

An attacker who successfully exploited the IE vulnerability could gain the same user rights as the current user, ZDI said.

A Microsoft spokesperson yesterday told ZDNet the company was aware of the issue and had not detected any incidents affecting its customers.

“We build and thoroughly test every security fix as quickly as possible. Some fixes are more complex than others, and we must test every one against a huge number of programs, applications and different configurations. We continue working to address this issue and will release a security update when ready in order to help protect customers. We encourage customers to upgrade to a modern operating system, such as Windows 7 or 8.1, and run the latest version of Internet Explorer which include further protections,” the Microsoft spokesperson said.

Microsoft has yet to patch the vulnerability, but ZDI is offering the following workarounds for the time being:

Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].