The SANS Institute’s Internet Storm Center set its Internet danger warning level to “yellow” over the weekend as criminal gangs began targeting Internet Explorer browsers with an unpatched security hole.Last week, security researcher H.D. Moore released proof-of-concept code demonstrating how a bug in the “setslice()” method in IE’s “WebViewFolderIcon” ActiveX control could be used to execute malicious code on a user’s system. Moore originally publicized the flaw in July, but at the time he disclosed only that it could be used to shut down the browser.Over the weekend, two separate criminal groups began hacking into websites and message boards and rigging them to deploy code from remote servers that exploits the bug. The exploit servers attempt to plant several pieces of malicious code on users’ systems, including a program called CoolWebSearch that is notoriously difficult to remove, according to SANS.SANS urged system administrators to take action as soon as possible. “The exploit is widely known, easy to re-create and is used on more and more websites,” the group said in an advisory. “The risk of getting hit is increasing significantly.” Microsoft said it is aware of the problem, and recommended workarounds until a patch arrives on Oct. 10, as part of the company’s regular patch cycle. Users should install killbits that disable the control, according to Microsoft and SANS. SANS also urged administrators to consider asking their users to stop using IE for the time being.Security company Determina issued a patch that fixes the problem, which has been endorsed by Zeroday Emergency Response Team, a nonprofit group made up of well-known security researchers. The root of the problem is with an integer overflow in a core Windows component called COMCTL32.DLL, which is used by many programs, researchers said. “The WebViewFolderIcon ActiveX control is most likely only one of the attack vectors for this vulnerability,” said Determina’s Alex Sotirov on the Full Disclosure mailing list.-Matthew Broersma, Techworld.com (London)Related Links: Microsoft Still Working to Patch July Bugs Critical IE Bug Gets Early Fix from Microsoft Microsoft Expects to Release Only 3 Patches in Sept.Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content brandpost The steep cost of a poor data management strategy Without a data management strategy, organizations stall digital progress, often putting their business trajectory at risk. Here’s how to move forward. By Jay Limbasiya, Global AI, Analytics, & Data Management Business Development, Unstructured Data Solutions, Dell Technologies Jun 09, 2023 6 mins Data Management feature How Capital One delivers data governance at scale With hundreds of petabytes of data in operation, the bank has adopted a hybrid model and a ‘sloped governance’ framework to ensure its lines of business get the data they need in real-time. By Thor Olavsrud Jun 09, 2023 6 mins Data Governance Data Management feature Assessing the business risk of AI bias The lengths to which AI can be biased are still being understood. The potential damage is, therefore, a big priority as companies increasingly use various AI tools for decision-making. By Karin Lindstrom Jun 09, 2023 4 mins CIO Artificial Intelligence IT Leadership brandpost Rebalancing through Recalibration: CIOs Operationalizing Pandemic-era Innovation By Kamal Nath, CEO, Sify Technologies Jun 08, 2023 6 mins CIO Digital Transformation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe