Microsoft has recently released its June 2012 security update and with it the company also released an advisory to warn customers of a serious zero-day exploit that affects Internet Explorer. While there isn’t a permanent patch for this issue, the Redmond company has made available a “Fix it” solution.
In order to exploit the flaw, an attacker has to host a website that contains a malicious webpage. The cybercriminal would have to social engineer the victim to convince him/her to visit the domain.
If exploited successfully, the vulnerability would allow the attacker to gain the same rights as the customer who is logged in at the time. ZDNet reports that the existence of this security hole and the fact that it’s actively exploited may have been the factors that determined Google to introduce the “state-sponsored attack” warnings. We believe this to be true based on the advisory that the search engine giant has released on its security blog.