Microsoft is to issue an emergency security patch for its Internet Explorer browser to fix the flaws blamed for the recent China-based hacker attacks on Google and at least 20 other companies.
Jerry Bryant, senior security program manager at Microsoft, said the patch, due to be released on 21 January, addresses the vulnerability related to attacks against Google and small subset of corporations, as well as several other vulnerabilities.
"Once applied, customers are protected against the known attacks that have been widely publicised," he said in a blog post.
Bryant said all IE users should install the update as soon as it is available, but the update will be applied automatically once it is released for anyone using Microsoft's automatic update facility.
Microsoft said it continues to see some attacks, with the only successful attacks against IE 6. The software firm recommends IE users update to IE 8, which it claims has better security protection.
Security firm McAfee has welcomed Microsoft's release of a security update for IE, but warned against applying unofficial patches.
"These unofficial patches may seem like a good idea as they appear to provide immediate protection, but applying a patch from an unknown source for software that was created by someone else just isn't a good idea," said McAfee chief technology officer George Kurtz in a blog post.
"It can create all kinds of compatibility and performance issues and may be a security risk of its own, he said.
Kurtz said McAfee Labs has released a free tool for businesses and other IE users that detects and remove any malware related to the attacks on Google and other companies.