Unpatched Microsoft Internet Explorer vulnerability being actively exploited

Filed Under: Malware, Vulnerability

Critical

As many of you who follow the security scene will know, Microsoft released an advisory about a zero-day vulnerability in the Internet Explorer web browser a couple of days ago.

Sophos published its own analysis of the severity of the vulnerability, which I would recommend you read if you haven't already done so.

The bad news is that there isn't an official fix for this vulnerability from Microsoft yet, and we are seeing real in-the-wild instances of websites being struck by SQL injection attacks that then serve up the exploit.

Fraser Howard goes into greater detail about this problem on the SophosLabs blog, explaining how the analysts in our research labs have developed protection against the current wave of attacks and how we have prepared proactive defences against what may crop up in the future too.

The latest Sophos Security Threat Report discussed the rising tide of SQL injection attacks and the threat posed by hacked websites (there have been three times more infected webpages discovered during 2008 than in 2007, with one new victim found every 4.5 seconds).

If you haven't yet managed to convince your bosses of the need for comprehensive protection against web-borne threats, maybe now is the time to do it.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.