Microsoft: The IE threat is real, and so is the fix

Though it remains uncertain if anyone has actually been affected by an Internet Explorer browser flaw that has made national news headlines, Microsoft's tactic today is to treat it as though it's real, and respond the same way.

In a statement to BetaNews early this morning, the author of a Microsoft security vulnerability team blog post yesterday said his team is aware of exploit sites that are trying -- if not yet successful -- to discover the exploit for a problem that the company discovered in response to reports of an active exploit in the field.

"Unfortunately, there are a bunch of active exploit sites right now attempt to exploit Windows XP and Windows Server 2003 users running IE7," the team's Jonathan Ness told BetaNews. "We don't make the decision to release out-of-cycle lightly and we will only do it for confirmed, unpatched vulnerabilities under active attack. If you're familiar with either the Metasploit framework or the milw0rm.com hacker Web site, both have proof-of-concept exploit code available that have been picked up by bad guys to install malware on unsuspecting browsers."

To read more click here