Warning: IE 7 at risk from malicious exploit

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users' systems with a Trojan horse, or "downloaders" that can download other forms of malware onto a user's system.

Microsoft announced it will release a security patch Wednesday via its automatic update system to patch users' computers.

Users can potentially get infected two ways, Marcus said. One is to visit a malicious website that already has the malware installed on the site, or visit a legitimate site, in which the attacker has inserted the malicious script to run in the background, leaving visitors unaware their systems have been compromised.

Marcus said: "A lot of websites are pushing out this exploit." Some of the infected sites include websites that offer free wallpaper for mobile phones to sites that feature property to product-related sites.

Microsoft is encouraging users to update their systems with the patch.