Microsoft issued an out-of-band emergency patch Wednesday for a zero-day Internet Explorer vulnerability that has opened the door for hackers to install malware on susceptible computers without any user intervention.
"At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7," said Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update."
This zero-day exploit has been in circulation since the first week of December and potentially could have infected a wide swath of users. The vulnerability can be exploited through JavaScript code posted on malicious Web sites. Internet Explorer users may be redirected to these sites through hacked legitimate sites. If the malicious code is successful, it silently downloads malware onto the victim's computer.
The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7.
The last such out-of-band patch, Microsoft Security Bulletin MS08-067, was released on Oct. 23. It addressed a vulnerability in the Windows Server service that affected all currently supported versions of Windows. That vulnerability allowed an attacker to take over affected computers remotely. Moreover, the vulnerabilities are found not only in IE 7, Microsoft's latest browser, but also in Internet Explorer 5.01, Internet Explorer 6, and Internet Explorer 6 Service Pack 1.
© 2007 - 2009 - eFluxMedia