Posted by Mike Reavey
Director, Microsoft Security Response

Unfortunately cyber crime and cyber attacks are daily occurrences in the online world.  We condemn these attacks and the recent attacks against Google and other companies.

Based on our investigations into these attacks, as well as the investigations of others, we recently became aware that a vulnerability in Internet Explorer appears to be one of several attack mechanisms that were used in highly sophisticated and targeted attacks against several companies.

At this time, we have no indication that Microsoft’s corporate network or our mail properties were attacked as part of these attacks.

To help protect customers we have published a Security Advisory which provides people with guidance, and tools, to help protect themselves.  As part of our normal security response process, we are also working with our Microsoft Active Protections Program (MAPP) and Microsoft Security Response Alliance (MSRA) partners to help provide broader protections for customers.  At this point, these attacks appear to be targeted at corporations; we have not seen any evidence of attacks against consumers.

Our teams are currently working to develop an update and we will take appropriate actions to protect our customers.

Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity. We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation.

For more information, see the security advisory, or the Microsoft Security Response Center blog.