Microsoft is investigating reports of limited, targeted attacks against customers of Internet Explorer, referred to as “Aurora”.
To date the only successful attacks have been reported against users of IE6. IE7 and IE8 also contain the same vulnerability, but there are no reports of a working exploit for these software versions, although attempted attacks might cause them to crash.
The current vulnerability in IE has re-emphasised the need to be aware of commercial and state espionage programmes which may target your organisation, and the importance of running up to date software on all IT systems.
Detailed information regarding the vulnerability in IE is available at www.microsoft.com/technet/security/advisory/979352.mspx