Microsoft Confirms IE Fault in Google China Hack
Hackers exploited Internet Explorer security flaw in Google attack.
On Thursday, security firm McAfee said that Operation Aurora, the attack that hit Google and multiple companies early in the week, was the result of a new, "not publicly known" vulnerability found in Microsoft's web browser, Internet Explorer.
Microsoft quickly admitted the flaw in a TechNet blog post. Mike Reavey, director of Microsoft's security response team, wrote, "Based on our investigations into these attacks, as well as the investigations of others, we recently became aware that a vulnerability in Internet Explorer appears to be one of several attack mechanisms that were used in highly sophisticated and targeted attacks against several companies."
"Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity," Reavey continued. "We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation."
In response, Microsoft has published a security advisory that advises users to turn up the security settings in their Internet Explorer software until a further update can be issued.
"Our teams are currently working to develop an update and we will take appropriate actions to protect our customers," Reavey added. The post pointed out that Microsoft has no indication that the company's corporate network or mail properties were attacked as part of the recent attacks.
buckinbottoms: Actually, it is still Google's fault. The fix was available and has been available since IE7. It's called DEP. Google was either using IE6 which does not have the feature, or IE7 and did not enable DEP, or was using IE8 and manually turned the feature off since it is active by default.
gzhang: From the MS Security Advisory (provided above), it doesn't look like DEP can prevent this attack. Most likely the pointer can be used to alter the execution path, not a stack overflow bug.
sublifer: http://www.tomshardware.com/forum/20945-9-viewing-images
Come on people! Vote for Change!
flyinfinni: Doesn't sound like it was a known problem with a fix already available to me, or Microsoft would not have admitted any part of the blame.
war2k9: As I remember some online saying IE8 is the safest web browser out there.
Can we still trust MS IE8?
CrashOverride90: lol exactly the reason why I always use Firefox with two top-notch security plugins (Adblock Plus and NoScript).
STravis: And this is why we don't trust MS software (no matter how much MS tries to convince us they care about security).