Microsoft is investigating a zero-day attack affecting Internet Explorer 7.0, which could enable a hacker to take over infected PCs.
Microsoft said, "At this time, we are aware only of limited attacks that attempt to use this vulnerability. Our investigation of these attacks so far has verified that they are not successful against customers who have applied workarounds."
The website Shadowserver has published a list of sites users should not visit. The Shadowserver website warned, "Visiting a website with this exploit can result in a full compromise of an affected system. Currently most of the exploits out there will attempt to download a Trojan onto the system."
Embarrassingly for Microsoft, the flaw was not covered by the company's latest Patch Tuesday update, issued two days ago.