Microsoft Issues Fix For IE Vulnerability

Microsoft issued a fix for a zero-day vulnerability in older versions of Internet Explorer that could allow attackers to gain control of Windows-based computers to host malicious Web sites. The company confirmed that it was investigating a remote code execution vulnerability in IE 6, IE 7, and IE 8 that could allow an attacker to use the corrupted PC to host a Web site designed to exploit the vulnerability with other users. Versions of the browser after IE 8 are unaffected.

Microsoft said in an update to that security advisory that it has developed a one-click fix that prevents the vulnerability from being exploited without affecting users' ability to browse the Web. Discovered last week, the flaw was reportedly used to exploit Windows PC users who visited the Web site for the Council on Foreign Relations, a nonpartisan think tank specializing in U.S. foreign policy and international affairs. The site has been hosting the malicious code since at least December.