Microsoft is now working with its security partners to plug a security risk in its Internet Explorer browser.
The vulnerability affects IE 6 Service Pack 1 on Windows 2000 Service Pack 4, and IE 6 and 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Symantec says for the attacker to launch a successful attack, they need to lure the victim to a malicious Web page or compromised Web site, where malicious code could be installed on the victim’s computer, allowing remote access to its contents.
Microsoft says it is not aware of any actual attacks using this exploit. It says once its investigation into the threat is complete, it will issue a remedy, either through its regular ‘Patch Tuesday’ updates or an out-of-cycle update, depending on customer needs.
The latest version of Internet Explorer, IE8, is not affected, and if you haven’t yet updated to this version, now might be a good time to do so.