Microsoft confirmed that the attack code published on Bugtraq and reported yesterday is indeed a real threat to machines still running earlier versions of the Internet Explorer (IE) web browser. What's more, it has been identified as a zero-day vulnerability, which means patching the security hole could prove labor-intensive on the software giant's part.
However, the good news is that Microsoft has not spotted any in-the-wild attacks as of yet. The company's team of researchers made no comment on any plans for a patch to seal the hole at present, but they do highly recommend disabling JavaScript in the meantime. The bottom line here is that Microsoft acknowledged that the attack code posted last week on a mailing list is able to compromise IE 6 and IE 7.
The fact that the script is publicly available makes it all the more dangerous, although the company's spokesman, in an email reply to several major IT security media centers, gave assurances that IE 8 isn't affected by the bug. As noted in the earlier article "Internet Explorer Takes a Knee from New Attack", IE 6 and 7 make up about forty percent of all web browsers used globally, a statistic taken from the Net Applications firm's metrics. The IE 8 browser, by comparison, has a respectable eighteen percent market share.
Secunia, a Danish vulnerability tracking vendor, reckons that the bug is located in IE's layout parser, so attackers could exploit it to take over computers running patched and protected Windows XP Service Pack 3 (SP3). The organization rated the programming flaw as "highly critical", which is its second-highest severity grade.
Over the weekend, Symantec's staff of IT security specialists and researchers acknowledged the existence and effectiveness of the attack code, but also noted that it's a poorly coded and badly written exploit. As exploit code goes, it wasn't very dependable; however, the Symantec analysis team posted on its blog last Saturday that it expects "fully functional" and "reliable" code to become available very soon.
Furthermore, Symantec echoed Microsoft's recommendation that users disable JavaScript in IE 6 or 7 for the meantime, which should help greatly in halting any would-be cyber attacks because the posted attack code requires JavaScript to function.