Itpro.co.uk, December 11, 2008

Microsoft is investigating reports that a new vulnerability in Internet Explorer is being exploited.

So far, Microsoft has found out the attacks are against Internet Explorer 7 on supported editions of Windows XP Service Packs 2 and 3, Windows Server 2003 Service Packs 1 and 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

Microsoft said in its advisory that so far it was only aware of limited attacks which attempted to use the vulnerability.
It also said that it was now actively working with partners to monitor the threat and would take action against malicious websites attempting to exploit the vulnerability.

The software giant added that it would take the appropriate action once it had finished the investigation.

“[It] may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs," Microsoft said in a statement.

Attackers who successfully exploit the vulnerability could host a specially crafted website and convince a user to view it. They could also take advantage of compromised websites that accept user-provided content or advertisements.

Microsoft recently released a massive end-of-year patch which plugged 28 vulnerabilities in the Windows operating system as well as Microsoft software like Excel and Word.