A new Microsoft Security Advisory (Number 2458511) discusses a recently discovered vulnerability in Internet Explorer that could allow an attacker to execute code remotely. Microsoft says that Internet Explorer 6, 7, and 8 are vulnerable to this attack, but Internet Explorer 9 beta seems to be immune to the exploit.
Some additional details from the Microsoft Security Advisory:
At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Microsoft also suggests some fixes and workarounds for the issue, including:
- Enable a firewall and install anti-virus, anti-malware, and anti-spyware software
- Employ Data Execution Prevention (DEP), which should prevent "attacks that result in code execution and is enabled by default in Internet Explorer 8 on the following Windows operating systems: Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista Service Pack 2, and Windows 7."
- Use Protected Mode in IE on Vista and Windows 7, a step that should also minimize vulnerability to the exploit.