Security 10748 Published by

Computerworld reports that attackers are exploiting a "zero-day" vulnerability in Microsoft's Internet Explorer and hijacking Windows PCs that cruise to malicious or compromised websites, security experts said today.



Microsoft confirmed the IE bug, saying, "We're aware of targeted attacks potentially affecting some versions of Internet Explorer," but did not set a timetable for fixing the flaw.

The unpatched bug in IE7, IE8 and IE9 can be leveraged in Windows XP, Vista and Windows 7, according to Rapid7, the security firm that also maintains the open-source Metasploit penetration-testing toolkit.

Rapid7 urged IE users to ditch the browser and rely on a rival's application.
  Hackers exploit new IE zero-day vulnerability