updated 02:24 pm EDT, Wed June 13, 2012
Attackers said to be exploiting IE vulnerability
Microsoft has issued a formal warning and a temporary fix for an Internet Explorer security flaw that has enabled attackers to gain access to Gmail accounts. Beginning last week, a number of Gmail users have logged into their e-mail accounts to find an alert from Google stating that "We believe state-sponsored attackers may be attempting to compromise your account or computer."
The Microsoft advisory acknowledges "active attacks," while a separate Google note concurs that the vulnerability is being "actively exploited in the wild for targeted attacks."
The vulnerability leaves Internet Explorer open to remote code execution if a user accidentally navigates to a website that has been crafted to include malicious code. Users would not be forced to visit a website, however the targeted attacks could arrive in the form of e-mails or other messages that direct users to follow a link.
Google has yet to provide full details surrounding its allegation of government involvement, though the notifications appear to include Gmail users in China. The company early last year accused the Chinese government of hacking into Gmail accounts to quash dissent.
The vulnerability has yet to be patched, however Microsoft has devised a temporary fix that is claimed to prevent successful exploitation until the browser can be updated.