As it turns out, even with the 24 fixed vulnerabilities in Microsoft’s February Patch Tuesday update, Microsoft still missed at least one. There is now an actively exploited zero-day attack against a vulnerability in IE.
“Microsoft is aware of targeted attacks against Internet Explorer, currently targeting customers using Internet Explorer 10,” Microsoft wrote in an email to eWEEK. “We are investigating and we will take action to help protect customers.”
Security vendor FireEye first publicly reported the zero-day on Feb. 13. The zero-day is being used in what is known as a “watering-hole” attack, where visitors to a legitimate site are being compromised.