A few days ago Microsoft warned its users of an unpatched security hole in its products that could leave Windows users exposed to attacks by cybercriminals.
The Internet Explorer vulnerability, which has the CVE reference CVE-2010-0806 and fortunately does not affect Internet Explorer 8, is being actively exploited by malicious hackers. As reported on the SophosLabs blog, we have seen malicious spam messages being distributed which try and trick users into visiting websites that will exploit the zero day vulnerability to infect PCs.
Sophos detects the exploit scripts seen so far generically as Troj/ExpJS-R.
A proper patch from Microsoft for the problem is not yet available, but the company has issued a…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.