Attackers targeting Google and a number of other U.S. companies recently used software that exploits a new hole in internet Explorer, Microsoft said Thursday.

"Internet Explorer was one of the vectors" used in the attacks that Google disclosed earlier this week, Microsoft said in a statement. "To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6," the statement said.

The vulnerability affects Internet Explorer (IE) 6, 7 and 8 on Windows 7, Windows Vista, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4, Microsoft noted in an advisory posted Thursday afternoon.

Source code was stolen from some of the 30 Silicon Valley companies targeted in the attacks, according to sources. "It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems," Microsoft said in the statement.

Microsoft is working on a fix but could not say whether it would address the issue as part of its next Patch Tuesday scheduled for February 9 or before.

Keeping the IE Internet zone security setting on "high" will protect users from the vulnerability by prompting before running ActiveX Controls and Active Scripting, Microsoft said. Customers should also enable Data Execution Prevention (DEP), which helps mitigate online attacks, the company said. DEP is enabled by default in IE 8 but must be manually turned on in earlier versions.