The SANS Institute’s Internet Storm Center set its Internet danger warning level to “yellow” over the weekend as criminal gangs began targeting Internet Explorer browsers with an unpatched security hole.Last week, security researcher H.D. Moore released proof-of-concept code demonstrating how a bug in the “setslice()” method in IE’s “WebViewFolderIcon” ActiveX control could be used to execute malicious code on a user’s system. Moore originally publicized the flaw in July, but at the time he disclosed only that it could be used to shut down the browser.Over the weekend, two separate criminal groups began hacking into websites and message boards and rigging them to deploy code from remote servers that exploits the bug. The exploit servers attempt to plant several pieces of malicious code on users’ systems, including a program called CoolWebSearch that is notoriously difficult to remove, according to SANS.SANS urged system administrators to take action as soon as possible. “The exploit is widely known, easy to re-create and is used on more and more websites,” the group said in an advisory. “The risk of getting hit is increasing significantly.” Microsoft said it is aware of the problem, and recommended workarounds until a patch arrives on Oct. 10, as part of the company’s regular patch cycle. Users should install killbits that disable the control, according to Microsoft and SANS. SANS also urged administrators to consider asking their users to stop using IE for the time being.Security company Determina issued a patch that fixes the problem, which has been endorsed by Zeroday Emergency Response Team, a nonprofit group made up of well-known security researchers. The root of the problem is with an integer overflow in a core Windows component called COMCTL32.DLL, which is used by many programs, researchers said. “The WebViewFolderIcon ActiveX control is most likely only one of the attack vectors for this vulnerability,” said Determina’s Alex Sotirov on the Full Disclosure mailing list.-Matthew Broersma, Techworld.com (London)Related Links:• Microsoft Outlook Vulnerable to Critical VML Bug • Security Group ZERT Patches New IE Bug • Beyond Passport Vulnerabilities Keep checking in at our Security Feed page for updated news coverage. Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe