Security 10808 Published by

Microsoft on Saturday confirmed that Internet Explorer (IE) 6, 7 and 8 contain a zero-day vulnerability



From Computerworld:
In a security advisory issued Dec. 29, Microsoft acknowledged that attacks are taking place. "Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," the alert stated.

Newer versions of IE, including 2011's IE9 and this year's IE10, are not affected, Microsoft said. It urged those able to upgrade to do so.

According to multiple security firms, the vulnerability was used by hackers to exploit Windows PCs whose owners visited the website of the Council on Foreign Relations (CFR), a non-partisan foreign policy think tank with offices in New York and Washington, D.C.
  Microsoft confirms zero-day bug in IE6, IE7 and IE8