Mirosoft was notified of the IE flaw by McAfee
Microsoft admits IE flaw to blame for Google hack
/v3-uk/news/1986250/microsoft-admits-ie-flaw-blame-google-hack
15 Jan 2010, Dan Worth , V3
In a move bound to cause red faces at Redmond, Microsoft has been forced to admit that a flaw in its Internet Explorer (IE) browser was the route by which Chinese hackers sought to infiltrate Google's corporate systems.
"Based on our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," wrote Mike Reavey, director of the Microsoft Securtity Response Center, in a blog posting.
Microsoft's announcement came after McAfee's chief technology officer, George Kurtz, wrote in a blog posting that the firm had discovered a new vulnerability in IE that had been exploited by the hackers.
"In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer," he said.
Kurtz added that the targeted attack used tried and tested methods to get users to click on a link that then compromised their machine.
"These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s browser," he added.
As a result of this, Microsoft issued guidelines to help customers reduce the risk of further attacks and called on firms to remain vigilant against the continued threats that exist.
"Attacks targeting specific corporate networks are becoming more prevalent in the threat landscape and organisations should follow defence-in-depth best practices, and deploy multiple layers of protection to improve their security posture," added Reavey.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
internet explorer
It has been known for years that IE is really prone to attacks
from a vast array of virus's, i recall having received more then 200 different virus's,even with sophisticated software that is supposed to protect my computer, i had to have it reformatted at least 4 times, to the point that i had no option
but to go for a mac,since then i haven't had a single one
i really couldn't afford it, but i could look ahead and see countless bills to have my windows based pc to be reformatted, so in the end it DID make commercial sense to buy the Mac, this isn't an ad for Mac but just a comment
on the well known vulnerability of IE all my friends and colleagues, so ipso facto it make very good sense for hackers to go for IE, IE has issued so many patches, i have lost count ,lets face it IE is rubbish
Posted by Russell, 15 Jan 2010
So, wait a second...
This is a IE 6 flaw being exploited with Google employees. Why are Google employees even using IE 6? If your employees are using a browser that was released in 2001 despite the fact that your own company makes their own browser, well, you may have other security measures to implement.
Posted by Mike, 15 Jan 2010
Give readers what they need
If Microsft have issued guidlines why can the writer not give the reader some reference such as a URL?
Posted by Napier, 15 Jan 2010
MS's Inertia
So what are Microsoft going to do about it??
Posted by wyndham, 15 Jan 2010
Issued guidelines?
Instead of issuing guidelines why not issue a patch to solve the problem? I'm sure it has more flaws then thhis that we don't know about.
Posted by vufindr, 15 Jan 2010
lol @ Google
I find it amusing that Google supposedly employs some of the brightest minds in the world but yet obviously their staff is stupid enough to click on run-of-the-mill phishing spam links. Secondly, nice job on protecting your email system to allow such spam phishing links in through your email system. And third, brilliant job of having your systems updated to the latest version of IE. If you were on 8.0, you wouldn't have egg on your faces right now! bahahaha
Posted by lrn2itsecurityyougooglenubs, 15 Jan 2010
Microsoft IE flaw
Yet another attack on Microsoft..mmm just after Googles Chrome is wheeled out for general use. I have ie8 safari & chrome which way do i turn??
Posted by Paul Cornthwaite, 18 Jan 2010
mac mac mac yap yap yap
Ok russell so ie is not great but dont do the pathetic mac adverts on the back of it.Your 200 viruses only show what is already known in the real world.That is that mac users are for the most part computer illiterate and base their purchase largely on how their computer looks rather than what it can do.Why else would someone pay so much just to browse the net and check their emails?
: )
Posted by jabba da gut, 18 Jan 2010
Hmmm
I run lynx as a main browser and have never had a problem - it sure frees up bandwidth for downloads and games too. Or for graphical goodness why not stick with something tried and tested like firefox?
Posted by anon, 22 Jan 2010
Microsoft admits IE flaw to blame for Google hack
First rule of computing: Never buy anything by Microsoft until the first service pack is released, because, prior to that, you are only paying for the privilege of doing their final beta testing for them.
Posted by D.Griffith, 18 Jan 2010