Microsoft says it's working to fix security vulnerability that lets attackers inject client-side scripts to Internet Explorer users. Josh Lowensohn joined CNET in 2006 and now covers Apple. Before ...