Internet Explorer zero-day exploit threatens huge chunk of IE users
Security researchers this week uncovered a bug in Microsoft's Internet Explorer that is actively being exploited in targeted attacks and remote code execution. Microsoft responded by launching its own investigation of the vulnerability, but has no solution yet.
The vulnerability has been observed in Internet Explorer 6 through Internet Explorer 9 on Windows XP SP3, Vista, and Windows 7, and users can be infected simply by visiting a malicious website.
Microsoft has not yet issued a patch for the vulnerability, but instead offers a couple of workarounds, including the deployment of Enhanced Mitigation Experience Toolkit (EMET) and blocking all ActiveX Controls and Active Scripting in the Internet and Local Intranet security zones.
Users are otherwise advised to switch to another browser.
Photo: Metasploit