“The company has determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks targeted against Google and other corporate networks,” a Microsoft spokesperson told Ars. “Microsoft continues to work with Google, other industry partners and authorities to actively investigate this issue. To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE6.”
While Microsoft says it is only aware of limited, active attacks attempting to use this vulnerability in IE6, and has not seen attacks against other versions of IE, the vulnerability is not limited to version 6, according to the security advisory. Internet Explorer 5.01 on Windows 2000 SP4 is not affected, but IE6 on Windows 2000 SP4, as well as IE6, IE7 and IE8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are all affected.
I know I’m not shocked. Are you?
Source: Ars Technica
