Microsoft is warning users about an unpatched vulnerability withinInternet Explorer. The warning arrives after research company SECConsult published a demonstration how hackers could use thevulnerability to implant malware.
Microsoft said it was investigating the flaw and suggested a patch may soon be available.
“At the completion of this investigation, Microsoft will take theappropriate action to help protect our customers, which may includeproviding additional mitigation guidance through this SecurityAdvisory,” said the company in a statement.
Most existing versions of Internet Explorer are vulnerable to theexploit and Microsoft has advised users to change security settings inthe Internet security zone to high, which sends prompts before runningActiveX controls.
“We have not been made aware of any attacks attempting to use thereported vulnerability or customer impact at this time, but we areaggressively investigating the public report,” Microsoft said.
Last week, The U.S. Computer Emergency Readiness Team (US-CERT) issued an alert about a flaw in a Veritas Software data backup product, which it says was being actively exploited.