Hackers exploiting Internet Explorer vulnerability
Microsoft reports small number of attacks using IE vulnerability
Microsoft has confirmed that a vulnerability in Internet Explorer is being actively exploited by hackers.
In a posting on Microsoft's security blog, the company said it had reports of a small number of targeted attacks, and that it was working on a fix for the bug.
The bug, which affects Internet Explorer versions 6 to 9, but not IE10, potentially enables a hacker to use a purpose built website to launch exploit code against visitors to the website. The zero-day exploit was first revealed at the weekend.
Yunsun Wee, director of Microsoft's Trustworthy Computing Group said in the blog posting: "We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue."
Microsoft is advising Internet Explorer users to switch security zone settings to ‘high' and activate warnings before executing scripts. For more advanced users, it recommends using its Enhanced Mitigation Experience Toolkit (EMET) 3.0, a utility that helps prevent vulnerabilities in software from successfully being exploited.