A proof-of-concept exploit was recently discovered that targets a zero-day vulnerability in Internet Explorer. Symantec Security Response has confirmed that the exploit affects both IE 6 and 7 on Windows XP and Vista platforms, but there are possibilities that other versions of IE and Windows may also be affected.
Mitigation for consumer users:
Mitigation for enterprise users:
· Run all software as a non-privileged user with minimal access rights
· Deploy network intrusion detection systems to monitor network traffic for malicious activity
· Do not follow links provided by unknown or untrusted sources
· Set web browser security to disable the execution of script code or active content
· Implement multiple redundant layers of security