Microsoft has confirmed the existence of code that could
be used by hackers to exploit a security bug in its Internet
Explorer web browser.
The confirmation comes after three separate reports of security
flaws in Internet Explorer earlier this week.
In an advisory notice, the software giant confirmed that a
vulnerability in the browser could allow hackers to execute
arbitrary code on the user's system.
Microsoft said, “We have seen examples of proof-of-concept code
but we are not aware of attacks that try to use the reported
vulnerabilities or of customer impact at this time.”
Attackers would not be able to exploit the bug to force users to
visit a malicious website, but could lure victims through e-mail or
specially designed web banner advertisements.
In an e-mail based attack, users would have to click a link to
the malicious site or open an attachment that exploits the
flaw.
Microsoft said it was continuing to investigate and would
produce additional guidance where necessary.
A security update would be provided through the regular monthly
patch release or a special one-off release, the company said. The
next scheduled patch release is on Tuesday 11 April.