Microsoft has posted a new warning about an exploit that affects its Internet Explorer browser. The zero-day vulnerability, which is already being exploited in the wild, allows for malicious users to install malware on a vulnerable machine.
According to CRN.com, the vulnerable “systems include Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7. However, Microsoft said that so far, Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected.”
The exploit occurs when there is an invalid pointer reference. This reference could allow for malicious users to install and launch malware when the object reference is deleted. Microsoft said that the current attacks appear to be targeted but they are currently working towards a fix.
For any user that is still using a legacy version of Internet Explorer, this is one more compelling reason to upgrade your version to IE 8. By upgrading to IE 8, you are removing one more potential exploit that could allow malware to be installed on your machine.