Microsoft Internet Explorer Vulnerability

An vulnerability in Internet Explorer is now being exploited in order to install malware on a victim’s machines.  All versions of Internet Explorer from Internet Explorer 5.01 Service Pack 4 to Internet Explorer 8 Beta 2 are potentially vulnerable.

The flaw can be exploited by simply visiting a website containing the malicious code. Users can be taken to one of these websites by clicking on a link in spam or instant message or by visiting a legitimate website that has been hacked. Legitimate websites are being compromised via SQL injection attacks and modified to include the exploit.

Microsoft has not yet released a patch however they have published a security advisory giving more details about the vulnerability and a blog post clarifying the various workarounds.

Shadowserver.org has posted a list of domains that are exploiting this vulnerability.

Other browsers, such as Firefox are not vulnerable.

Update: 17 December 2008:

Microsoft has now released a patch for this vulnerability.  Ensure your systems are updated asap.