Security advisory guidance and work-arounds for dealing with the zero-day exploit aimed at Internet Explorer was released by Microsoft on Monday night. The vulnerability in Internet Explorer was posted in a mailing list to Bugtraq security on Friday, and according to the report the attack code affects both Internet Explorer 6 and the newer IE7.
Microsoft had confirmed that the exploit code published last week can compromise PCs running older versions of Internet Explorers. The advisory confirmed that the vulnerability affects IE 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008.
Microsoft officially stated that IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows are not affected. However, it declined to state whether the patch for the flaw will come bundled with its Security updates set for December 8.
Sign up here with your email