Updated to add: Microsoft has announced that they will be releasing out-of-band updates for this on December 17th.Zero-day exploits are actively targeting an unpatched Internet Explorer vulnerability.Microsoft recently expanded their Security Advisory 961051 to include all versions of Internet Explorer. The vulnerability was originally thought to only affect IE7.As you can see, it's now a very long list of related software:There are a number of (perhaps cumbersome) workarounds that may provide some mitigation:More bad news, SQL Injection attacks are being used to hack legitimate websites in order to host exploits, turning trusted sites into malicious exploit hosts.You can read additional details at Security Fix and eWeek.com.Someone in the eWeek advertising department is trying to tell you something.…and a tip of the hat goes to Camillo for providing the subject line to this post.
