For the second time already in 2010, Microsoft's Patch Tuesday security bulletin release has come with a footnote--an unpatched zero-day exploit affecting Internet Explorer (IE). Security vendors are reporting more incidents of this new IE vulnerability being exploited in the wild, so IT administrators need to understand the threat and take action to protect vulnerable browsers.

Ben Greenbaum, senior research manager for Symantec Security Response, explained via e-mail "At this point in time, we're seeing limited attacks in the wild as the result of an unpatched bug in certain versions on Internet Explorer."

Greenbaum described the threat. "Based on the limited attack attempts we've seen, we believe the zero-day exploit was used as a targeted attack. In our tests, we found a fully-patched version of Internet Explorer 6 to be vulnerable to the exploit code. The exploit is carried out simply by visiting a Web page hosting the vulnerability. When the browser opens the page, the exploit causes the user's computer to download and execute another piece of malware, which is an Infostealer/Backdoor Trojan."

More: http://pcworld.com/businesscenter/blogs/bizfeed/191192/

............................................................................................