Microsoft Confirms IE Fault in Google China Hack

On Thursday, security firm McAfee said that Operation Aurora, the attack that hit Google and multiple companies early in the week, was the result of a new, "not publicly known" vulnerability found in Microsoft's web browser, Internet Explorer.

Microsoft quickly admitted the flaw in TechNet blog post. Mike Reavey, director of Microsoft's security response team, wrote, "Based on our investigations into these attacks, as well as the investigations of others, we recently became aware that a vulnerability in Internet Explorer appears to be one of several attack mechanisms that were used in highly sophisticated and targeted attacks against several companies."

"Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity," Reavey continued. "We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation."

In response, Microsoft has published a security advisory that advises users to turn up the security settings in their Internet Explorer software until a further update can be issued.

"Our teams are currently working to develop an update and we will take appropriate actions to protect our customers," Reavey added. The post pointed out that Microsoft has no indication that the company's corporate network or mail properties were attacked as part of the recent attacks.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
Comment from the forums
    Your comment
    Top Comments
  • doc70
    there is no browser out there that has zero security flaws. Admittedly, some have more than others, I don't use IE on any of my Windows machines, but that does not excuse the fact that China uses this to exercise it's censorship.
    Before blaming the homeowner for not having the latest and greatest locks on his doors I would still blame the burglar first for breaking in. If we start diverting the blame onto the wrong party then good luck when you become the victim.
    As I have said it before, any PC/OS and any browser is only as smart as it's user. If the user is evil, the PC becomes "evil" as well.
  • Other Comments
  • botabota
    Thats why we have firefox
  • Hanin33
    anyone surprised?
  • 4trees
    Using Google Chrome :)