According to security experts from Rapid7, there is a new security vulnerability which affects all the latest versions of Internet Explorer (IE7, IE8 and IE9) on Windows XP, Windows Vista and Windows 7.
Currently there is no fix from Microsoft, although doubtless this will come in due course. However, I’ve also heard from several Windows 7 users that they’re having difficulties applying the latest fixes from Microsoft Windows Update, so even when the fix becomes available you may find you can’t install it. The updates KB273500 and KB2660649 appear particularly troublesome, but other updates will install if you manually exclude these when you attempt to update your computer.
Apparently the latest Internet Explorer exploit can be triggered simply by visiting an infected website and gives the attacker the same privileges as the current user. That means if you’re logged in as a Windows administrator you’re especially vulnerable, although it’s serious enough even if you’re only logged in as a standard user.
Rapid7 advise that, until an update is available from Microsoft, you use alternative Internet browsers such as Firefox or Chrome. That’s easier said than done, however, as so many other programs are totally reliant on Internet Explorer. Even eBay’s TurboLister requires IE to run, as do a myriad of other utilities from hundreds of software vendors around the world.
It’s expected that Microsoft may issue a Security Advisory regarding the new exploit. In the meantime, try not to use IE unless you absolutely have to.
18/9/12 Edited to add:
Microsoft have now issued security advisory 2757760 with a workaround to protect computers against the vulnerability. In truth it’s far too complex for most people to configure and may result in some websites being unreachable and some software not operating correctly. Microsoft have yet to issue a fix through Windows Update.