Google has issued security alerts to Windows users who use Internet Explorer as their main browser. IE, which in some cases is tightly tied into the operating system, as in Windows XP, is said to have been the target of politically motivated attacks. According to Google reps, users of IE are open to attacks through a popular social networking site. Google declined to name the site specifically, but stood by its warning.
At this time, there is no permanent fix for the security hole, but Google urges users to apply a temporary fix from Microsoft as soon as possible.
According to Microsoft, the security hole lies in the way IE handles MHTML, which could lead to an exploit disclosing private information.
Microsoft said in its advisory:
Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities.
Google said that it has deployed server-side changes to help combat the exploit:
To help protect users of our services, we have deployed various server-side defenses to make the MHTML vulnerability harder to exploit. That said, these are not tenable long-term solutions, and we can’t guarantee them to be 100% reliable or comprehensive. We’re working with Microsoft to develop a comprehensive solution for this issue.
The MHTML exploit exists in all versions of Windows.