Well, that was quick. Microsoft said yesterday it would release an out-of-band security update to fix the vulnerability found in Internet Explorer which was used during the Google attacks. Today it announced the fix will be released tomorrow.
The update will address the vulnerability in Internet Explorer, 6, 7, and 8 on Windows 2000, XP, Vista, and 7 – so everything will be patched. Even though the actual exploit currently out there (the one used in the Google attack) only affects Windows XP running Internet Explorer 6, Microsoft still rates this vulnerability as “Critical”, meaning the company takes it quite seriously.
“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” a Microsoft spokesperson told Ars Technica today, “It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized.”
A pretty quick response from Microsoft, since it only found out about the flaw six days ago. I guess this means we can put this one to rest.