Warning issued on new IE flaws

Three new flaws for which no patch exists - so-called 'Zero Day' flaws - have been identified in Microsoft's Internet Explorer.

Like Sasser, two of the three vulnerabilities need no user intervention and can be downloaded just by logging on to the internet.

The third allows a false web address to be embedded in an email to misdirect users to a phishing site, which then attempts to capture user information.

The US Computer Emergency Readiness Team warned of the phishing flaw late on Friday, while security firm Ubizen highlighted the other two after being in contact with a researcher investigating computers where pornographic banners had been inserted into the browser toolbar.

Ubizen has advised computer users to switch to alternative web browsers like Netscape or Mozilla for the moment.

"[Changing browser is] a harsh workaround but at the end of the day it'll work," said Dick Van Droogenbroeck, senior security assessment engineer at Ubizen's Security Intelligence Laboratory.

"As there is no fix available, the hacker community will seek to massively exploit these vulnerabilities. Hit the wrong web page and it's over and out."

No patches are available as yet.

In a statement, Microsoft said: "Microsoft is actively investigating these reports, to determine the appropriate course of action to protect our customers. This might include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs.

The software giant also promised to "work aggressively with law enforcement to help prosecute individuals or organisations" who exploit the flaws.

Microsoft urged customers to review its safe browsing tips. Details of how to strengthen browser security are also available here.