Microsoft has confirmed that the unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6. It adds IE6 and IE8 Beta 2 to the list and recommends disabling the Oledb32.dll to stay safe.
A Danish security researcher added that Microsoft's original countermeasure advice was insufficient and recommended that users take one of the new steps the company spelled out.
In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports -- IE5.01, IE6 and IE7 -- as well as IE8 Beta 2, a preview version that the company doesn't support through normal channels.
Microsoft have added that they are actively working with partners in Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. Microsoft is also actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
77 Comments - Add comment