cnet: On Thursday, Microsoft confirmed that "Internet Explorer was one of the vectors" used in the well-publicized Chinese attacks on Google and other U.S. firms. The vulnerability can be found in Internet Explorer 6, IE 7, and IE 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4.
Sources say that the Chinese attackers stole source code from more than 30 U.S. companies, including Google, Adobe, Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical.
Microsoft is working on a fix that will patch the vulnerability but haven't said when that patch will become available. Until then, users can protect their systems by putting the IE Internet zone security setting on "high" and enabling Data Execution Prevention.