Microsoft issued Security Advisory 979352 last week in response to the hacking attacks on Google and 33 other big corporations. Now its Security Response Center has a clearer picture of this threat.
First of all, even though the original Security Advisory stated that not only IE 6 has the security hole, but that almost all versions, including IE 7 and IE 8 on all supported versions of Windows, are vulnerable to this threat as well,
The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time.
This is thanks to the much-improved security protections provided by newer versions of IE and Windows, including Vista and 7.
So far, there have been a very limited number of targeted attacks against a small subset of corporations, and no threat to regular users. However,
we continue to recommend that customers using IE6 or IE7, upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should be sure to upgrade to both IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3 which enables DEP by default, as soon as possible.
Additionally, the workarounds and mitigations described in the security advisory should still be considered as safety guidance.
It's 2010, and it's time to ditch products like Windows XP and IE 6, which are about 10 years old, for something new like Windows 7.
Microsoft will release an out-of-band security update for this vulnerability. They also emphasize that
To date, the only successful attacks that we are aware of have been against Internet Explorer 6.