Microsoft has warned that remote attackers are taking advantage of an unpatched flaw in its Internet Explorer browser to contaminate PCs with a Trojan horse virus.
The company says malicious software that exploits the security flaw is now circulating on the internet. It has advised users to visit the Microsoft website and use its recently launched on-line security scanning tool to decontaminate their systems.
The scanning tool is equipped to detect and remove the recently discovered TrojanDownloader:Win32/Delf.DH virus, said Microsoft.
The bug was originally discovered by industry security experts this spring, and it was originally thought that it could only be used to crash Internet Explorer.
Microsoft has now warned that it can be used to take over users’ machines, alowing remote attackers to execute arbitrary code.
The Trojan horse is downloaded onto users’ machines when they visit malicious websites. As no further user interaction is required to install the bug once they are on the site, the threat is “critical” according to Microsoft’s own classifications. Internet security company Secunia has classed the threat as “extremely critical”.
Microsoft currently has no patch for the threat, but says it is working on one. The company plans to release its next batch of monthly security updates on 13 December.