A few days ago, Microsoft has issued a patch for much talked-about VML flaw in Internet Explorer. Users who applied the fix should be safe now, right? Wrong! Security experts have discovered new vulnerability that is already being utilized by new exploits.
The latest threat is a flaw in the Windows Shell, a part of the Windows operating system responsible for user interface. This flaw can be exploited to allow remote code execution. A few days ago, first proof-of-concept exploits have appeared on the Internet. Hackers have quickly adjusted the code for their purposes and now use their own exploits to install malware, usually identity theft parasites on vulnerable computers.
Fortunately, the number of such attacks remains highly limited. We didn’t receive any reports from our visitors yet.
Microsoft is working on a fix, which is scheduled for October 10. Users are encouraged to apply workarounds provided in the official Microsoft security advisory. Temporary third-party patches are already available. However, Microsoft doesn’t recommend them.