There is a vulnerability (flaw) which allows targeted attacks via Internet Explorer versions 6 through 11 to be made on MS Windows PC’s.
The attack seems complex to me and probably not easily made against the masses. The ultimate goal of an attacker would be to encourage a PC user to visit dangerous websites.
Microsoft plan to fix the problem with updates distributed in their normal way, i.e. monthly updates.
If you want to find out more you can visit ITPRO here. Some PC’s will be more vulnerable than others depending on what version of Windows is used and whether Outlook, Outlook Express or Windows Mail are viewing an HTML document.
I just want to pass on knowledge of this WordPress vulnerability affecting mobiles, detected by AVAST, whereby mobile device users are susceptible to redirection. They can be redirected to a malicious web site from WorbPress blogs where the blogger is using a plugin called OptimizePress. NOTE: I am not using that plugin in this blog.
For a week now it has been known that there is an IE9 Zero Day Vulnerability.
Get This Zero Day Vulnerability Fixed
Now Microsoft have published a fix which came to me today in the form of an update as follows (for Windows 7):
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2744842)
Update type: Important
Security issues have been identified that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install the update, you may have to restart your computer.