IE7 0 Day Exploit !!!!

Friday, 12 December 2008 00:23 by scngan

Received a few email and SMS warnings about this 0 day exploit on IE 7.
Currently, there is no patch for this vulnerability, but Microsoft has released mitigating factors to help users avoid being infected by the exploit.
Shadowserver has also released a list of websites that administrators should avoid/block.

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210

Mitigating Factors from Microsoft:

Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.

By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See the FAQ subsection of this vulnerability section for more information about Internet Explorer Enhanced Security Configuration.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Currently known attacks cannot exploit this issue automatically through e-mail.

http://www.microsoft.com/technet/security/advisory/961051.mspx

Categories:   Technical Stuff