Here we go again…

Exploit code for a critical flaw in fully patched versions of Microsoft Corp.’s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.

The zero-day exploit, posted by a U.K.-based group called “Computer Terrorism,” could allow a remote hacker to take complete control of a Windows system if the victim simply browses to a malicious Web site.

Ziff Davis Internet News have verified that the exploit works on fully patched Windows XP systems with default IE installations…

…The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw.

Benjamin Tobias Franz, a German security researcher, originally published an advisory in May this year to warn of the denial-of-service bug.


You know the mantra.

Switch to another browser. Practice safe computing. Keep the scanners and firewalls on high alert. Or, switch to Linux or Mac.