Microsoft is warning about a newly discovered and unpatched flaw in Internet Explorer 6 and 7 that’s being exploited in the wild. The bug is an invalid pointer reference bug, which doesn’t affect IE 8, according to Microsoft. The attack requires that the user visit a Website with malicious code that exploits the vulnerability. Microsoft recommends running IE in Protected Mode, which would limit a successful attacker’s rights on the victim system. The advisory was released in conjunction with Microsoft’s monthly patch release today.”]
Source: https://www.darkreading.com/attacks-breaches/new-ie-zero-day-flaw-being-used-in-targeted-attacks