Quote:
An un-patched vulnerability in Microsoft's Internet Explorer is being targeted by attackers. Simply browsing a malicious or compromised web site could result in a trojan or virus infection
Quote:
A new flaw in Microsoft Internet Explorer has been reported that—if successfully exploited—will allow an attacker to gain privileges of the user and potentially perform remote code execution. The most likely method of carrying out an attack is to convince a user to visit a website containing malicious content that exploits this vulnerability. Typically, users are directed to such web sites via a link in an email or in a specially crafted instant message. Since the announcement of the vulnerability on March 23, there have already been several instances of such malicious sites observed.
At present time, Microsoft has published an advisory, along with workaround options, for this issue. No patch is available yet.
This is currently considered a very high-risk exploit. Microsoft plans to release a fix by April 11 with the rest of the security patch. They may release it earlier if it ready earlier.
Microsoft says you can avoid the exploit by turning off active scripting.