"The exploit is being distributed from many compromised websites around the world, researchers from Symantec said"
The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people.
The vulnerability affects Internet Explorer 9 and 10 and was publicly revealed on Feb. 13 by researchers from security firm FireEye who found an exploit for the flaw being served from the Veterans of Foreign Wars (VFW) website. Researchers from security firm Websense later reported that the same vulnerability was being exploited from the compromised website of French aerospace association GIFAS (Groupement des Industries Francaises Aeronautiques et Spatiales).
Microsoft published a security advisory about the vulnerability, which is tracked as CVE-2014-0322, and released a "Fix It" tool as a temporary workaround. However, the company has not yet released a regular patch through the regular Windows update channel.
Continued : http://www.computerworld.com/s/article/9246603/IE_zero_day_exploit_being_used_in_widespread_attacks
@ Symantec: Internet Explorer 10 Zero-Day Vulnerability Exploited in Widespread Drive-by Downloads
Looking for great gifts under $100?
Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.