Our colleagues over on ZDNet are reporting that there is a zero-day vulnerability that could allow a malefactor to access an unsuspecting user’s Gmail account. This security problem is particularly troubling because all an attacker has to do is convince you to visit a Web site with the right code to activate it.
Both Microsoft and Google are on the case and working to patch up this security hole, but as of this writing (June 14, 2012) there is no patch yet.
Microsoft’s bulletin on this vulnerability - Microsoft Security Advisory (2719615) - has this recommendation:
A Microsoft Fix it solution is available that blocks the attack vector for this vulnerability. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible. Please see the Suggested Actions section of this advisory for more information.
Have you or your users reported any problems arising from this zero day vulnerability?