Microsoft late Friday confirmed that a “zero-day,” or unpatched, vulnerability exists in Internet Explorer 8 (IE8), the company’s most popular browser.
According to multiple security firms, the vulnerability has been used in active exploits, including “watering hole”-style attacks against the U.S. Department of Labor and U.S. Department of Energy, targeting workers at the latter agency involved in nuclear weapons research.
On Friday, Microsoft published a security advisory that acknowledged the bug. In the advisory, the company also said that other versions of Internet Explorer, including the newer IE9 and IE10, are not affected, and that the firm is working on an update to patch the problem.
No timetable for a fix was provided. The next scheduled security update from Microsoft will ship Tuesday, May 14.
Seven alleged hackers based in the US, UK and Republic of Ireland have been charged with crimes related to computer attacks said to have affected “over one million victims”.
The FBI said that five of the men were involved in the group Lulzsec, while a sixth was a “member” of Antisec.
It said that Lulzsec’s “leader” Hector Xavier Monsegur had pleaded guilty in August to 12 criminal charges.
The BBC understands Mr Monsegur subsequently co-operated with the FBI.
It is believed that this action helped lead to the other accusations.
Source: BBC News