Internet Explorer 0-day vulnerability discovered
This is big, folks!
Earlier this week security researcher Eric Romang was studying the Chinese web servers used in the recent Java 0-day exploits (See my previous Junk You Java article) when he discovered they are exploiting a previously unknown vulnerability in Internet Explorer. As this was/is located on a server known to be connected with many previous attacks including recent 0-day Java exploits and the Nitro attacks from 2011 it is safe to say that this exploit is in the wild!
Users running Internet Explorer versions 7, 8, or 9 are susceptible to this exploit, which means virtually all users of Windows XP, Vista, and Windows 7 who browse the internet with Internet Explorer. This does NOT affect users of Windows 8 and IE 10.
Computers can be compromised simply by visiting a malicious site and the attacker will have the ability to install keystroke loggers, malware, and access local assets.
At this time Microsoft has NOT released a patch for this vulnerability, but has issued a Security Advisory advising users to install EMET (Enhanced Mitigation Experience Toolkit), however EMET is not especially easy for a user with normal experience levels to setup and the installation/configuration of EMET does not appear to circumvent all aspects of this exploit!
I highly recommend DCT readers install and use either Firefox, Chrome, or Opera browsers until Microsoft is able to issue a patch for this vulnerability! For even greater protection uninstall Java if at all possible, or at least disable it in all browsers.