Google has issued a security alert to Internet Explorer users. According to Google reps, users of IE are open to attacks through a popular social networking site. However Google had declined to name the site specifically, but insisted on its warning. IE is the default Internet browser shipped with most of the Microsoft Windows operating system, and many users did not change their default browser.

Currently there’s no permanent solution from Microsoft, but Google urge users to apply a temporary fix issued from Microsoft as soon as possible. According to Microsoft, the security hole lies in the way IE handles MHTML, which could lead to an exploit disclosing private information.

“Microsoft is investigating new public reports of vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities.” – Microsoft

Google said that it has deployed server-side changes to help combat the exploit:

“To help protect users of our services, we have deployed various server-side defenses to make the MHTML vulnerability harder to exploit. That said, these are not tenable long-term solutions, and we can’t guarantee them to be 100% reliable or comprehensive. We’re working with Microsoft to develop a comprehensive solution for this issue.”

The MHTML exploit exists in all versions of Windows, and the fix should be available from Windows update, or a standalone installer can be found at the link below.

[Microsoft via Information Week]