The Remote Code Execution vulnerability exploited in this attack effects all versions of Internet Explorer (both 32 and 64-bit) bar the latest version (11). The CVE description for this issue incudes;
There is already fix posted by the TechNet and IE Team, which you can read about in the IE TechNet blog located here: http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
This attack is a little annoying (besides the potential damage it cold allow) as I thought that IE employed security tactics to prevent these kind of attacks. Reading the IE blog posting, the vulnerability is described as;
It looks like the primary components of IE use ASLR and thus benefit from its protection. However, it looks like the sub-components used by IE did not - and, therefore allowing a way in for attackers.
Sort of like, having super secure and vetted full-time employees and then using 3rd-party contractors with similar security access and privileges.
I wonder if Microsoft will call these types of dependency attacks the "Snowden Way In".
CVE Vulnerability Entry CVE 2013-3893