Microsoft has provided further insight into a vulnerability affecting Internet Explorer 6 which was used in the attacks against Google recently.
In a company blog posting, George Stathakopoulos of Microsoft Security, explained that the software giant is only seeing a "very limited number of targeted attacks against a small subset of corporations." He went to explain that the attacks, using proof of concept code, are only effective against Internet Explorer 6. Based on testing, Microsoft isn't aware of any attacks on Internet Explorer 7 or 8 using the vulnerability.
Stathakopoulos urges customers to upgrade immediately to Internet Explorer 8. "We continue to recommend that customers using IE6 or IE7, upgrade to IE8 as soon as possible" he said. Microsoft confirmed it is monitoring the on-going threats and that despite there only being limited targeted attacks today, this could change at any time.
Google said, in a blog posting on January 12, that in mid-December, they, along with a number of other large companies in the Internet, finance, technology, media and chemical sectors, were targeted in a sophisticated cyber-attack. This attack on their infrastructure originated in China, using Internet Explorer 6, and resulted in the theft of intellectual property. Due to this attack, and the background behind it, Google is now taking a second look at their operations in China, particularly Google.cn, where they currently offer censored search results as part of an agreement with China's government. Microsoft admitted last week that Internet Explorer 6 was one of the vectors used in the targeted and sophisticated attacks.