Microsoft is said to be preparing the launch of an out-of-cycle patch for Internet Explorer to fix a critical security flaw.
Microsoft late Tuesday updated its security advisory to confirm it was aware of a zero-day exploit and a drive-by malware attack targeting the unpatched vulnerability.
Alex Eckelberry, president of anti-spyware vendor Sunbelt Software, said his company first detected the drive-by downloads earlier this week and reported its findings to Microsoft.
"This is a pretty nasty exploit. You just have to visit the [malicious] site and your computer gets hosed. It's dropping a Trojan downloader that takes control of the victim's machine," Eckelberry said in an interview.