It is a “remote code execution vulnerability” that requires the user to navigate to a page that exploits this bug. While this may be possible while browsing the Internet, addons within ILLiad, Ares, and Aeon are generally only pointing to known and reputable web sites (Google, Amazon, ILSes, etc.).
So while the staff client does use Internet Explorer to display web pages in addons, users should not be at risk so long as they are only using addons written by trusted sources.
As for when Atlas products will no longer use Internet Explorer as the browser for its addons, that is a larger issue and one that will take more investigation. We will continue to look at that but can’t give any timelines or ideas as to what might change about that yet.
Feel free to contact support if you have any questions about this by calling 800-567-7401 or emailing email@example.com.