A newly announced Internet Explorer zero-day exploit is apparently being used to hijack the accounts of a number of Gmail users. ZDNet.com reports that both Microsoft and Google have sent out their own security advisories about this issue. The exploit works just by an IE user surfing over to an infected website.
According to Microsoft's statement:
An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.
While there is no patch yet for this issue, Microsoft does offer a tool that will block this exploit from being used. This exploit is apparently the same one that Google referenced in a recent security blog post where it warned Gmail users that their email boxes could be the subject of "state-sponsored attacks." Google also said that Gmail users who might be the victim of these attacks would see a message similar to the one above.
