Researcher Adrien de Beaupre of the
SANS Internet Storm Center said early today that proof-of-concept code is available targeting Internet Explorer 6 (IE) that could lead to a DoS attack.
But a Microsoft spokesman told SCMagazine.com today that the issue actually affects XML [extensible markup language], not IE.
"Microsoft is not currently aware of any active attacks utilising this exploit code or of customer impact at this time," he said. "Microsoft is actively monitoring this situation to keep customers informed and to provide customer guiance as necessary."
The issue was not addressed by this afternoon's patch release, which issued four fixes correcting 10 vulnerabilities.
Meanwhile, vulnerability tracking firm
Secunia this morning said a "highly critical" hole in
Microsoft Excel could be "exploited by malicious people to compromise a user's system.
"The flaw is caused by an error when opening XLS files that enables an attacker to execute arbitrary code. Jie Ma of
Fortinet's security research team discovered the vulnerability.
That flaw, in fact, was repaired with today's security update, namely bulletin MS07-002, although the hole has not impacted any customers, the spokesman said.
Click here to email reporter Dan Kaplan.