Google has warned that hackers are using an unpatched flaw in Internet Explorer for politically motivated attacks.
The flaw was publicly disclosed in January, and affects MIME HTML (MHTML) - a protocol handler that renders documents, letting non-HTML content such as images and sound files be pulled together into a single HTML file.
Microsoft said the flaw allows attacks that are similar to cross-site scripting, letting a hacker see and collect a user's data if they can be tricked into clicking on a malicious link. The flaw affects anyone using IE, but not other browsers.
Google warned that the vulnerability is being used to target specific individuals online.
"We’ve noticed some highly targeted and apparently politically motivated attacks against our users," said the Google security team in a blog post. "We believe activists may have been a specific target."
Google said users of "another popular social site" were also being attacked using the flaw, but didn't specify which site.
Microsoft didn't patch the MHTML flaw in its monthly security update last week, but it has created a mitigation tool to help block the attack, which both Microsoft and Google recommended individuals and companies deploy.
Google has also come up with "various server-side defences" to make attacks more difficult. "That said, these are not tenable long-term solutions, and we can’t guarantee them to be 100% reliable or comprehensive," the security team said. "We’re working with Microsoft to develop a comprehensive solution for this issue."
Microsoft has yet to get back to us with details of when a patch might arrive.
This article originally appeared at pcpro.co.uk
