Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer, which he claims will affect fully patched versions of Microsoft Internet Explorer 7, 8 and 9.
The exploits, developed over the weekend for the Metasploit exploit toolkit, have been linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August. “Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers such as Chrome or Firefox until a security update becomes available,” a post on the Metasploit community blog said. “The exploit had already been used by malicious attackers in the wild before it was published in Metasploit.”
Microsoft is [strongly] advising all Windows users to install a free security software to protect their PCs from a newly discovered vulnerability in its Internet Explorer browser. The free security tool, called the Enhanced Mitigation Experience Toolkit (EMET), will prevent hackers from gaining access to Windows-based systems and is currently available from Microsoft here .