Microsoft said it planned to release the first emergency out-of-band patch of
the New Year, repairing a critical exploited vulnerability in Internet Explorer,
found as the source of malicious attacks against Google earlier this month.
Microsoft fell short of mentioning when the update would be released but
promised to have more information about the impending patch on Wednesday.
Security researchers say that the IE vulnerability was exploited by hackers
in a series of cyberattacks against Google earlier this month.
Security experts say that they have thus far seen only targeted attacks
exploiting the aging IE 6. However, researchers said in a blog post Monday that
there are reports of a published proof-of-concept code exploiting the same
vulnerability on IE 7, as well as Windows XP and Windows Vista.
Microsoft Trustworthy Computing Security General Manager George
Stathakopoulos said in a blog post Tuesday that the company was "actively
investigating, but cannot confirm, these claims."