Computerworld reports that Microsoft has admitted that a critical and unpatched vulnerability in Internet Explorer was used in the attack against Google and other companies' networks.
According to Microsoft's security advisory, the only version of IE not containing the critical flaw is IE 5.01 running on Windows 2000. All other versions are vulnerable. As eWEEK notes, McAfee says the zero-day exploit:
opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high-value targets and start to siphon off valuable data from the company.
The attack has led Google to consider pulling out of China, which IT Business Edge blogger Don Tennant believes is a bad idea. But it's not just those affected by the attack that should be concerned, says CTO Edge blogger Wayne Rash:
If you have a network presence in China, you should assume that no effort is being spared to use it as a way to gain access to your entire network.