Microsoft warns Internet Explorer users of vulnerability
Using Internet Explorer? Better hold off for a while as Microsoft tries to release a patch for a vulnerability in their Internet Explorer that could allow remote code execution.
A new zero-day vulnerability affecting Internet Explorer 6 and 7 is being used in target attacks. In these attacks, people receive emails with a link pointing to a page, which determines if a visitor is using Internet Explorer 6 and 7. If so, the script transfers the visitor unknowingly to the page hosting the exploit where malware is downloaded and runs on their computer without any user interaction. The vulnerability allows for any remote program to be executed without the end user’s notice.
There’s no IE update yet but Microsoft made a couple of workarounds available for this vulnerability.
More info can be found in Microsoft Security Advisory. Got word from Symantec that users of their security tools are protected from this exploit by not allowing the malware to be downloaded.