Microsoft is investigating a zero-day attack affecting
Internet Explorer 7.0, which could enable a hacker to take over
infected PCs.
Microsoft said, "At this time, we are aware only of limited
attacks that attempt to use this vulnerability. Our investigation
of these attacks so far has verified that they are not successful
against customers who have applied workarounds."
The website
Shadowserver has
published a
list of sites users should not visit. The Shadowserver website
warned, "Visiting a website with this exploit can result in a full
compromise of an affected system. Currently most of the exploits
out there will attempt to download a Trojan onto the system."
Embarrassingly for Microsoft, the flaw was not covered by the
company's latest
Patch Tuesday update, issued two days ago.
