After Microsoft confirms the vulnerability, it provides security suggestions for the IE vulnerability.

After confirming the Internet Explorer vulnerability exposed by hackers, Microsoft proposed security suggestions for the vulnerability this week and confirmed that the vulnerability affected Internet Explorer 6 and Internet Explorer 7, and Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and other operating systems.

According to Microsoft's instructions, this vulnerability exists in an invalid indicator reference in IE and will access the deleted CSS/Style File. Therefore, in the case of a specific attack, when IE tries to access an existing file, it may execute the malicious program that the hacker supplies. This is a major vulnerability that can cause remote program attacks, but Symantec once said that the attack programs released by hackers are not reliable.

This vulnerability does not affect IE 8. In addition, the protection mode of IE 7 enabled on Vista can also limit the impact of this vulnerability. Microsoft said that hackers may exploit this vulnerability to gain user permissions. Therefore, it is recommended that users set lower-level user permissions.

According to Net Applications, IE 6 is still the most popular IE version, with a market share of 23.3%, IE 7 Shares 18.16%, and the latest IE 8 has a market share of 18.12%.

Microsoft has not yet received an attack report on this vulnerability, indicating that it will continue to detect related threats and update this security suggestion as the situation changes. In addition, after the investigation is completed, Microsoft will decide the protection measures based on the customer's needs, including introducing updates through routine repair schedules or providing emergency updates.