Further Insight into Security Advisory 979352 and the Threat Landscape

Hi All, We wanted to provide you some insight into the vulnerability reported in Microsoft Security Advisory 979352, which is related to our ongoing investigation into the recently publicized attacks against Google and other large corporate networks. We understand that there is a lot of noise about this topic right now and we know that our customers are receiving a lot of information about this situation from a variety of sources, so we want to provide some additional insight. First, we will provide an update on the threat landscape – there has been a lot of speculation, so we’ll share detailed information on what Microsoft is seeing in terms of attacks across all of our monitoring systems. Second, we’ll highlight what customers should do to protect themselves. Finally, I will provide an update on the continuing work at Microsoft to respond to this situation and help protect our customers. In terms of the threat landscape, we are only seeing very limited number of targeted attacks against a small subset of corporations. The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time. This is likely due to improved (continue reading...)