Microsoft is now saying that some hackers linked to china have used a zero day exploit in Microsoft’s Internet Explorer to compromise systems at several U.S. Companys. Google, Adobe and Juniper Networks to name a few. The vulnerability still remains unpatched and there for companies are still at risk to remote code execution attacks. Google said the attacks were “Very targeted and resulted in the theft of intellectual property. Juniper said it was “investigating a cyber security incident involving a sophisticated and targeted attack against a number of companies”.

The attack was traced to attackers in Taiwan and an internet IP address owned by Rackspace. Rackspace has confirmed that its systems played a very small part in the attacks. The flaw affects Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

Here’s the danger:

To exploit, an attacker could host a specially crafted Web site, or take advantage of a compromised website, and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these malicious Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message, that directs users to the attacker’s Web site. It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems. The Microsoft investigation concluded that setting the Internet zone security setting to “high” will protect users from the vulnerability addressed in this advisory.

Microsoft is considering an out-of-band emergency IE patch to fix this vulnerability.