According to the Rapid7 security forum, a new zero-day exploit for Internet Explorer 7, 8, and 9 has hit computers running Windows XP, Vista and 7. A zero-day exploit is software that takes advantage of a security hole for which no fix is yet available to carry out an attack.
This means that computers actively using Internet Explorer can be compromised by visiting a malicious site, giving cybercriminals “the same privileges as the current user.”
“We’re aware of targeted attacks potentially affecting some versions of Internet Explorer. We have confirmed that Internet Explorer 10 is not affected by this issue,” Yunsun Wee, director of Microsoft Trustworthy Computing, told Mashable. “We recommend customers deploy Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 3.0, which provides effective protections without affecting the Web browsing experience. We will continue to investigate this issue and take further actions as appropriate.”
The Rapid7 forum said “the exploit had already been used by malicious attackers in the wild before it was published in Metasploit.”
“The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter),” the Rapid7 alert said. “We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop countermeasures.”
In the meantime, Internet Explorer users should consider switching to another browser, such as Google Chrome or Mozilla Firefox, at least temporarily. Those who are die-hard fans of Internet Explorer should proceed cautiously and upgrade to version 10, which is in preview now, before using the web again.