Security researchers are warning of a new zero-day vulnerability affecting Internet Explorer. The flaw has already been exploited in the wild.
The flaw, which affects Internet Explorer 7, 8 and 9 on Windows XP, Vista and Windows 7, was discovered over the weekend by researcher Eric Romang. In a blog post, Romang wrote that the Nitro gang -- the same group that apparently used the recent Java zero-day in targeted attacks -- could be connected to the IE vulnerability.
According to researchers at Boston-based Rapid7, users' computers can become infected simply by visiting a malicious website. In a blog post, they wrote that attackers have already been using the exploit in the wild.
Rapid7 advised users to switch to another browser such as Chrome or Firefox until Microsoft releases a security update.
A zero-day exploit module has been added to the Metasploit penetration testing toolkit to give security pros a way to test their systems to see if they are vulnerable, the Rapid7 researchers said.