Recently, a new vulnerability has been discovered in Internet Explorer 7, affecting Windows XP, Server 2003/2008 and Windows Vista. Known as the “Internet Explorer XML Zero-Day”, it has already been seen in the wild in China. The vulnerability allows a remote attacker to take control of a users PC after successful exploitation. The exploit occurs when a user visits a web site that has been poisoned by the exploit code. The user then inadvertently is infected with a Trojan, allowing remote code execution and full control of the infected computer.

Microsoft has not yet released a patch but is aware of the vulnerability and has released an advisory HERE as well as a work around that can be performed by Administrators HERE. This vulnerability is considered Critical. Users should remain vigilant when surfing the Internet and check often for future updates to patch the flaw if the work around is not performed.

UPDATE: Microsoft has released a patch for this flaw through Windows Update. You can find more information about the patch HERE.

Jason (Digitalkid)
www.954network.com