Microsoft confirms new Internet Explorer vulnerability

Microsoft has confirmed the presence of a previously undiscovered flaw that affects Internet Explorer 6 and Internet Explorer 7. A Microsoft spokesperson noted, "We're aware that detailed exploit code was published on the Internet for the vulnerability, but we're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."

In this case, the vulnerability is related to how Internet Explorer deals with cascading style sheets, or CSS. CSS is used to describe the layout of a web page, and is a crucial element of modern web site design. For now, security vendor Symantec says that the attack code is "a bit buggy and unreliable," though you can be sure this will not stay that way for long.

Security analysis by vulnerability management firm VUPEN has determined that disabling active scripting in the Internet and Local intranet security zones could help to temporarily mitigate this problem. Visiting only "trusted websites" is also recommended until Microsoft issues a patch that fixes this vulnerability.

Of course, older versions of Internet Explorer, especially IE6, have been plagued by the repeated discovery of security vulnerabilities.  Rather than trying to limit visits to "trusted websites"--and how is someone supposed to do that anyway--perhaps switching to newer versions of IE, or even ditching it altogether in favor of browsers such as Firefox and Opera, might be a wise move.

For more on this story:
- check out this eWeek article
- check out this Washington Post article

Related Articles:
Lead on other browsers narrows for Internet Explorer
Microsoft: Internet Explorer 9 will be faster
Report: Internet Explorer 8 effective in blocking phishing
USDA unit limits browsers to Internet Explorer