Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
To have us fix this problem for you, go to the "Fix it for me" section.
Fix it for me
The Fix it solution that is described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.
For more information about this workaround, visit the following Microsoft Security Advisory webpage:
The advisory provides more information about the issue and includes the following:
The scenarios in which you might apply or disable the workaround
Specifically, to see this information, look for the "Mitigating Factors and Suggested Actions" heading, and then expand the "Workaround" section.
Fix it solution for recursive cascading style sheets
This Fix it solution adds a check to check whether a cascading style sheet is about to be loaded recursively. If this is the case, the Fix it solution cancels the loading of the cascading style sheet. This Fix it solution takes advantage of a feature that is typically used for application compatibility fixes. This feature can modify the instructions of a specific binary when it is loaded. For more information about Custom Fix Databases, visit the following Microsoft websites:
To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it Wizard.
The Fix it solution may cause some slight performance issues because of the increased checking that is required to block the loading of the CSS files.
This Fix it solution was updated February 01, 2011, to allow the LocalSystem account to install the Fix it solution.
Prior to 10:30 PM Pacific Time, 1/11/2011, the Fixit links on this page incorrectly pointed to the Fixit for KB2490606. If you installed the Fixit from this page prior to that time, you should install the Fixit using the current link in this article.
These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
To use this Fix it solution, you must have security update 2416400 installed. Security update 2416400 was released on December 14, 2010 and is described in MSRC bulletin MS10-090.
This Fix it solution must be manually uninstalled before you apply a future Cumulative Security Update for Internet Explorer that contains a software fix for this vulnerability.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE