Hackers find new exploit in Internet Explorer

Microsoft warns users of new security flaws affecting all versions of IE

Microsoft is looking into a newly discovered hole in its browser Internet Explorer (IE). As yet there are no reports of any attacks directly using the flaw.

"Currently the impact of this vulnerability is limited and we are not aware of any affected customers or active attacks targeting customers," wrote Carlene Chmaj of Microsoft Trustworthy Computing on its TechNet blog.

However, given that knowledge of the security hole is in the public domain, it seems likely to be exploited at some point.

Describing the issue in its security advisory, Microsoft said: "The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted web page to gain remote code execution."

The software giant initially stated that it was looking into providing a solution in its monthly security update release, or possibly in a more urgent 'out-of-cycle' release. However the importance of the issue appears to have been downgraded internally, as Chmaj later wrote: "The issue does not currently meet the criteria for an out-of-band release."

The security advisory suggests ways to mitigate against the problem, including the more general advice to "Follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software."