
A critical vulnerability has been found in all versions of Internet Explorer, including IE9 on Windows XP SP3, Vista, and Windows 7, and users can be infected simply by visiting a malicious website. The attack uses a specially crafted Flash animation to drop a malware kit known as Poison Ivy on the target machine. As Ars Technica notes, it appears to be the work of the same gang responsible for exploiting a zero-day vulnerability in Java last month.
Microsoft has issued an official advisory note acknowledging the problem and advising users to download its existing Enhanced Mitigation Experience Toolkit (EMET) to reduce the risk, but has not released a dedicated patch.
With Germany's Federal Office for Information Security advising users to switch to browsers other than Internet Explorer until the problem is fixed, the vulnerability is likely to have an effect on the browser's short-term market share and its ongoing battle with Google's Chrome.
Source: Reuters