Microsoft has confirmed that an IE vulnerability was at fault for the Google attacks. In Microsoft Security Advisory (979352) it spells out details and in a company blog, Mike Reavey, director of Microsoft’s Security Response Center (MSRC) provides more information. The security advisory notes that IE 5.01 running on Windows 2000 was not vulnerable to the attack, but that IE6, IE7 and IE8 on Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2 are all at risk.
and then….Microsoft announced that it will issue an emergency security update for Internet Explorer (IE),
but postponed setting a ship date for the fix until wednesday.