The French Security Incident Response Team (FrSIRT) is reporting a newly discovered flaw in Internet Explorer (IE), and related to the Microsoft Msdds.dll library file. In fact, it’s so new, that there isn’t even a patch for it at the time of this writing.

Because the Msdds.dll library file must be present in order for the flaw to be exploited, those with the Msdds.dll library are likely at highest risk.

Said an FrSIRT spokesperson, “Microsoft said that this library is installed with Visual Studio but we do not have Visual Studio installed on our lab machines” (and yet the Msdds.dll library file was present). They have also confirmed the flaw with IE6 on a Windows XP system with SP2 and all patches to date.

Of course, while there isn’t a patch for this flaw available yet, the code to exploit the flaw is available…

[Continue reading New Critical Internet Explorer (IE) Flaw Involves Msdds.dll]