Microsoft Admits Critical IE Flaw Used In Google Attack
Attackers targeting Google and a host of other U.S. companies recently used software that exploits a new hole in Internet Explorer, Microsoft said Thursday.
Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google’s systems that originated in China.
The firm said in a blog post on Thursday that a vulnerability in the browser could allow hackers to remotely run programs on infected machines. Following the attack, Google threatened to end its operations in China.
Microsoft has released preliminary guidance to mitigate the problem and is working on a formal software update.
Mike Reavey, Microsoft’s director of security said “So far, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting Internet Explorer 6“.
“The vulnerability affects Internet Explorer 6, IE 7, and IE 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4”
“Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks.”
Google disclosed the attacks targeting it and other U.S. companies on Tuesday and said the attacks originated in China. Human rights activists who use Gmail also were targeted, Google said.
Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.
Security firm McAfee also told AFP news agency that the attacks on Google, which targeted Chinese human rights activists worldwide, showed a level of sophistication above that of typical, isolated cyber criminal efforts.
McAfee’s vice-president of threat research Dmitri Alperovitch told AFP that although the firm had “no proof that the Chinese are behind this particular attack, I think there are indications though that a nation-state is behind it”.
The recent spate of attacks was alleged to have hit more than 30 companies including Google and Adobe, but security firms have since said that such invasions are routine.
Mr Reavey also said that “Unfortunately cyber crime and cyber attacks are daily occurrences in the online world. Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity. We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation.”
Subscribe to our Free Newsletter to be updated about latest Gadgets, Technology and much more….. round the clock! Subscribe and enjoy!
