On Thursday, security firm McAfee said that Operation Aurora, the attack that hit Google and multiple companies early in the week, was the result of a new, "not publicly known" vulnerability found in Microsoft's web browser, Internet Explorer.
Microsoft quickly admitted the flaw in TechNet blog post. Mike Reavey, director of Microsoft's security response team, wrote, "Based on our investigations into these attacks, as well as the investigations of others, we recently became aware that a vulnerability in Internet Explorer appears to be one of several attack mechanisms that were used in highly sophisticated and targeted attacks against several companies."
"Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity," Reavey continued. "We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation."
In response, Microsoft has published a security advisory (opens in new tab) that advises users to turn up the security settings in their Internet Explorer software until a further update can be issued.
"Our teams are currently working to develop an update and we will take appropriate actions to protect our customers," Reavey added. The post pointed out that Microsoft has no indication that the company's corporate network or mail properties were attacked as part of the recent attacks.