Microsoft issues zero-day IE warning

The IE flaw could allow hackers to run malicious code

Microsoft has issued a security advisory for a zero-day Internet Explorer vulnerability that emerged yesterday.

The advisory was released late last night, and confirms that Microsoft is investigating the issue. Security experts had warned that the flaw could cause the browser to crash or take the user to an infected web page.

Microsoft has now issued information about the affected IE versions, and the appropriate workarounds.

IE6 Service Pack 1 on Windows 2000 SP4, and IE6 and IE7 on supported editions of Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 are all affected. IE5.01 Service Pack 4 and IE8 on all supported versions of Windows are not affected.

Microsoft also confirmed that the vulnerability could allow CSS/Style object attacks, which could run malicious code possibly leading to remote control and the taking over of local user rights.

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," the advisory said.

In the meantime Microsoft urged all users to make sure that their applications, firewall and anti-virus systems are up to date.