Most recently an unpatched security hole found in Internet Explorer and which being affected all of the IE versions which noted by cnet. Microsoft says, “Microsoft is investigating reports of attacks against a new vulnerability in IE but said in an update to a security advisory issued late on Thursday that all versions of IE are potentially vulnerable.”
Microsoft has seen several hundred detections of exploits from around the globe, though the sites taking advantage of the vulnerability appear to be hosted on Chinese domains, “Microsoft said in a Microsoft Malware Protection Center blog.”
“The exploit sites we’ve seen so far drop a wide variety of malware–most commonly password stealers like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpud along with some previously unseen malware which we generically detect as Win32/SystemHijack,” the Malware Protection Center blog says. “We fully expect the variety of malware being dropped by this exploit to broaden as the exploit code starts to circulate around the Internet underground.”
Cnet’s writer Elinon Mills says, “People visiting trusted sites could be affected as well from sites targeted by SQL injection attacks through which malicious code is injected into site”
Microsoft says, “A Microsoft spokesman said he could not say when a fix would come. The next Patch Tuesday is scheduled for January 13.”
In meantime, better to switch on Mozilla firefox or use Google Chrome for security purpose. It’s not a good idea to still use IE — whenever they will fix that problem, you can use again.