Microsoft (NASDAQ: MSFT) has admitted to "limited attacks" that were conducted against an unpatched vulnerability in version 6 through 8 of its beleaguered Internet Explorer web browser. The bug has to do with an invalid flag reference, which can be exploited to allow a remote code execution--euphemism for a complete, remote takeover of one's computer. Of course, Microsoft was quick to emphasize that while the security flaw can also be found in IE8, that it is effectively thwarted by Data Execution Prevention, which is enabled by default in IE8.

For now, Microsoft says the vulnerability does not require an emergency patch. In a blog post on the Microsoft Security Response Center site, group manager of response communication, Jerry Bryant, wrote: "We are monitoring the threat landscape very closely and if the situation changes, we will post updates on the MSRC blog." System and security administrators will want to read Security Advisory 2458511 here on other methods of mitigating attacks against systems with IE6 and IE7.

For more on this story:
- check out this article at TechNet
- check out this article at InfoSecurity
- check out this article at Forbes Blogs

Related Articles:
Microsoft (NASDAQ: MSFT) Earnings Q1 FY2011 
Microsoft's great quarter fails to impress detractors 
Large Patch Tuesday from Microsoft this month
New Windows kernel bug surfaces days before Microsoft's largest Patch Tuesday
Microsoft to issue record number of security bulletins next Tuesday