I know this is a shocker. Microsoft recently confirmed a new security vulnerability in Microsoft Internet Explorer (IE) but declined to speculate on when a fix will be available. Australian security firm SEC Consult discovered the flaw.
"Microsoft is investigating a new public report of a vulnerability affecting Internet Explorer," Microsoft wrote in a security advisory describing the flaw. "We have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time. But we are aggressively investigating the public report."
According to SEC Consult, attackers who exploit the vulnerability can crash the browser and potentially execute arbitrary code on the exploited PC. The flaw affects IE 6.0 on Windows XP with Service Pack 1 (SP1) and SP2 and on Windows 2000 with SP1, SP3, and SP4.
Although no fix is available at this time, Microsoft is offering a workaround. According to the company, users can set the browser's Local Intranet security zone setting to High, which will produce a prompt before any ActiveX controls are allowed to run. See the security advisory for other Microsoft advice. My advice is to use a more secure Web browser. I prefer--and use--Mozilla Firefox.