Microsoft warns of zero-day hole in Internet Explorer

Microsoft has advised that a zero-day hole in Internet Explorer can be exploited to infect Windows PCs with malware. According to analyses by Symantec, attackers have already targeted company employees and attempted to compromise their PCs. The attacked employees received an email containing a link to a specially crafted web page.

At the end of last year, several companies, including Google, were infiltrated in a similar way by hackers who were thought to be Chinese (Aurora). Symantec has not provided any information about the originators of the new attacks. However, the specially crafted web page has since been taken off-line.

Versions 6, 7 and 8 of Internet Explorer are all said to be affected. IE version 9 beta is reportedly immune. The problem is caused by flawed processing routines for parsing certain Cascading Style Sheet combinations in HTML documents. This allows attackers to manipulate certain pointers and execute injected code at the user's privilege level. Microsoft say they are working on a bug fix, but don't currently see any reason for an emergency patch � presumably because the exploit hasn't become publicly available, and because the number of attacks is too small.

Read more -here-