Hackers Find Zero-Day Flaw in Internet Explorer

Hackers have found yet another security flaw in Internet Explorer that would allow them to install malicious software on vulnerable computers.

Security company FireEye reports that the issue was discovered after the Council on Foreign Relations website got hacked, as the page was specifically compromised to exploit the flaw.

The attacks are made via Adobe Flash on a fully-patched computer running Internet Explorer 8, the security vendor said.

Microsoft has already confirmed that it’s investigating the issue, but has explained that IE9 and IE10 are not affected by the flaw.

“We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8. We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted,” Dustin Childs, group manager for response communications at Microsoft, told KrebsonSecurity.