FireEye Labs security company discovered a new zero-day vulnerability in Internet Explorer 9 and 10. Vulnerability allows an attacker to install malicious software on systems that have not been updated.
According to their research, the attack is done with the help of a website whose HTML code has been modified by the attacker.
Until now, vulnerability has been proven to affect versions of Internet Explorer 9 and 10 that use Adobe Flash, and Microsoft confirms that it is currently investigating reports and trying to determine how it works exploit.
"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," a Microsoft spokesman told TNW. "As our research continues, we recommend that our customers upgrade to Internet Explorer 11 for added protection."