Microsoft has confirmed a vulnerability in several Internet Explorer versions which has supposedly been used in the Chinese attack against Google and other companies. The vulnerability exists in Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8, but according to the vulnerability description posted on the Microsoft website, the attacks seem to have targeted only Internet Explorer 6 systems.
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
Microsoft is currently working on a patch to fix the vulnerability, and it is likely that the patch will be released outside the usual patch cycle as an emergency patch.
The patch confirmation page lists several mitigating factors, but the safest option right now is to switch to a different web browser, at least until a patch is provided, to protect the computer system from the vulnerability.