IE7 flaw exploit in circulation

Anyone using Microsoft's Internet Explorer 7 browser who has not yet applied a patch issued earlier this month is advised to do so as soon as possible.

Microsoft issued patch MS09-002, otherwise known as KB961260, last week to fix security flaws in IE7.

Security experts have advised surfers to download and apply the patch, if they do not have Automatic Updates enabled, as exploit code for the vulnerability has been seen in circulation.

McAfee's Rahul Mohandas warned of specially-crafted Word documents circulating in emails that are designed to exploit the flaw.

"The attack, delivered in the form of a maliciously crafted document, is sent out to unsuspecting users," Mohandas said.

"This Word document contains an embedded ActiveX control which upon opening, connects to a website hosting the MS09-002 exploit," he continued.

If you open the document, a hacker would be able to remotely take over your PC, allowing them to steal personal data, install malicious software, or turn your computer into a spam-generating bot.

As well as applying the patches, surfers are advised not to open files attached to emails that come from an unknown source.

www.mcafee.com
www.windowsupdate.com