Forgive me for sounding like a broken record, but yet another Internet Explorer security hole has been revealed. Is there no end to the ways that IE can be broken into? It doesn’t look like it!

In this latest flaw, there’s an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines running IE 7 and 8.

According to Microsoft’s Senior Security Communications Manager Lead Jerry Bryant, an exploit “was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.”

Microsoft says that, as far as they know, no one’s using this exploit yet. Yeah, and I don’t know that anyone is playing hockey in Canada today, but I’m willing to bet someone is.

More >