Protecting against the Internet Explorer zero day vulnerability

Graham Cluley
@gcluley

A few days ago Microsoft warned its users of an unpatched security hole in its products that could leave Windows users exposed to attacks by cybercriminals.

The Internet Explorer vulnerability, which has the CVE reference CVE-2010-0806 and fortunately does not affect Internet Explorer 8, is being actively exploited by malicious hackers. As reported on the SophosLabs blog, we have seen malicious spam messages being distributed which try and trick users into visiting websites that will exploit the zero day vulnerability to infect PCs.

Sophos detects the exploit scripts seen so far generically as Troj/ExpJS-R.

A proper patch from Microsoft for the problem is not yet available, but the company has issued a…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.