Arstechnica: New zero-day bug in IE 10 exploited in active malware attack, MS warns (updated)
Exploit hosted on hacked, US-based website commandeers visitors’ PCs.
Microsoft has confirmed reports of a recently active attack that surreptitiously installed malware on computers running a fully patched version 10 of the Internet Explorer browser. The attacks also work on IE 9, the company warned