The discovery of a new unpatched vulnerability in Microsoft’s Internet Explorer may aid criminals in phishing frauds.
According to advice from security monitoring company Secunia the error could be exploited to fake the address bar in a browser window.
The flaw exists because of an error in the way the Microsoft Web browser loads web pages and Macromedia Flash animations. Secunia rates the issue "moderately critical" and has created a special web page where users can test their web browser to see if they are affected.
Microsoft comments "Our initial investigation has revealed that customers who have set their internet security settings to high, or who have disabled active scripting, are at reduced risk from attack as the attack vector requires scripting.”
Microsoft plans to release a security update for Internet Explorer next “patch” Tuesday. At least one of the disclosed bugs will be fixed in that update, the company has said.