Barely two weeks after shipping an Internet Explorer security makeover to cover a wave of drive-by malware downloads, Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could be used in code execution attacks. The Redmond, Wash. software maker confirmed it was investigating a warning posted on the Full-disclosure mailing list that the latest versions of IE causes various types of crashes when visiting Web pages with nested OBJECT tags.
A spokesman for Microsoft said the initial investigation has revealed that the bug would most likely result in the browser closing unexpectedly or failing to respond. "Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary."
View: The full story
News source: eWeek