Microsoft comes in during the day, the 30th March, with a security update to Internet Explorer. This will eliminate a vulnerability in the browser that is already being actively exploited in the attack, but seems to have too many other critical vulnerabilities that Microsoft has been made aware of.
It is only in IE 6 and 7 that one of the vulnerability being exploited in attacks. It is unclear whether other vulnerabilities that are removed with the upcoming patch, also affects other versions of the browser.
Microsoft came up with a first notification of the affected vulnerability is already the 9th March. Later, the company has come with a solution to disable the vulnerable component.
A successful attack against the current vulnerability allows execution of arbitrary code, which can give the attacker full access to the affected system.
Details of the upcoming security update is available here.
