internet_explorer Microsoft announced today, December 16th, that they have verified a vulnerability in Internet Explorer 7 where a malicious exploit is exposed that could infect your computer with malware.

Specifically, the AZN trojan, which has been working it's way across the web since the beginning of December, can infect users systems with a trojan horse that can download other forms of malware onto your computer.

There are potentially two ways your system can get infected.  The first is to visit a malicious website that already has the malware installed, or visit a legitimate site where the attacker has inserted the malicious script to run in the background leaving visitors unaware that their systems have been compromised.

The exploit is said to work successfully against a fully patched Windows XP SP3 system with Internet Explorer 7 installed.  Also Internet Explorer 6 could also be effected.  It seems to be a problem in the dll that handles the rendering of multiple types of HTML content in IE and the bug is triggered by the span tag.

To show the severity of this exploit and the potential for wide-spread infection, Microsoft has announced that they will issue an emergency fix for this vulnerability via it's automatic update system on Wednesday, December 17th and users with the Windows Update feature activated will get this "critical" patch automatically.

So, If you are reading this before you've patched your system, take a break from IE for the day - for all our sake.  This is precisely why I keep a copy of FireFox and Chrome on my systems at all times. 

-Joe