Microsoft is investigating new, public reports of a vulnerability in
Internet Explorer 6 and
Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution.
原帖地å€: TechSpott - Computer and technology forums http://www.techspott.com//showthread.php?p=683 At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs
Mitigating Factors:
- Internet Explorer 8 is not affected by this vulnerability.
- Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems helps to limit the impact of the vulnerability as an attacker who successfully exploited this vulnerability would have very limited rights on the system. An attacker who successfully exploited this vulnerability on Internet Explorer 6 or Internet Explorer 7 could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
http://www.microsoft.com/technet/sec...ry/981374.mspx 
Connect with Facebook
New Internet Explorer Code-Execution Attacks Go Wild 
Linear Mode
