State-sponsored attackers may be exploiting an unpatched Microsoft glitch to take control of victims' computers, an anonymous source told ZDNet in a story posted yesterday (June 13).
Last week, Google began warning some Gmail users that their email accounts may be targeted by "state-sponsored attackers." In a blog posting announcing the warnings, Google said it couldn't "go into the details without giving away information."
On Tuesday (June 11), Microsoft issued a seemingly unrelated security advisory. The company warned users of Internet Explorer and Microsoft Office that flaws in the way Windows handles the XML markup language (used by many websites as well as by Office 2007) could allow an unauthorized party to run code on a target's computer by tricking the victim into visiting a rigged website or opening a rigged Office document.
The unnamed source told ZDNet that the two advisories were actually about the same thing, implying that state-sponsored hackers were exploiting a "zero-day" Microsoft vulnerability in order to attack computers.
Shortly after the Microsoft advisory was posted, Google posted a second, brief security alert explaining that its researchers had discovered the XML vulnerability "being actively exploited in the wild for targeted attacks" and had reported it to Microsoft.
The second Google advisory made no mention of Gmail, and had no reference to the earlier Google warning.
According to ZDNet, numerous people have recently taken to Twitter to report that they've received the Gmail state-sponsored attack warning.
There is currently no patch available for the Microsoft XML bug, other than to avoid using Internet Explorer or Office 2007.
In the meantime, Microsoft has shipped a "Fix-It" tool that blocks the attack vector, and is urging Internet Explorer users to configure the browser to issue a prompt before running Active Scripting, or to disable Active Scripting.
More information and tips can be found on Microsoft's TechNet blog.