Microsoft warns of zero-day vulnerability in Internet Explorer

Microsoft has issued a security advisory warning of a zero-day vulnerability in its Internet Explorer browser versions 6, 7 and 8 that could allow remote code execution.

The company said it is monitoring targeted attacks attempting to exploit this vulnerability.

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update," the advisory said.

According to Microsoft, a security feature known as Data Execution Prevention (DEP) helps protect against attacks that result in code execution.

DEP, a feature first implemented in 2005, prevents the exploit from executing successfully, said Wolfgang Kandek, chief technology officer at security firm Qualys.

DEP is enabled by default in Internet Explorer 8 on the following Windows operating systems: Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista Service Pack 2, and Windows 7.

Upgrading to IE8 with DEP is highly recommended as a mitigation until Microsoft can issue a security patch, said Kandek.