Windows: IE 0-day vulnerability

SUMMARY: Windows: IE 0-day vulnerability
POSTED ON: 09/18/2012
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: Sep 18 09:50 AM
END TIME: Oct 18 09:50 AM
DESCRIPTION: Microsoft issued Security Advisory 2757760 for a critical 0-day vulnerability in Internet Explorer versions 7, 8, and 9. IE 10 is not affected. Microsoft is aware of targeted attacks exploiting this vulnerability.

The IE bug allows hackers to execute code on a Windows machine when users visit a malicious or compromised website using IE. The exploit code has already been added to Metasploit.

Until a patch is released, it is recommended that you use an alternate web browser, such as Firefox or Chrome. Use IE only for trusted web applications that require IE -- at your own risk. Microsoft also lists workarounds in the security advisory.

Microsoft Security Advisory
http://technet.microsoft.com/en-us/security/advisory/2757760

Computerworld: Microsoft confirms hackers exploiting critical IE bug, promises patch
http://www.computerworld.com/s/article/9231396/Microsoft_confirms_hackers_exploiting_critical_IE_bug_promises_patch?taxonomyId=85&pageNumber=1

Microsoft Security Response Center
http://blogs.technet.com/b/msrc/archive/2012/09/17/microsoft-releases-security-advisory-2757760.aspx