All the latest UK technology news, reviews and analysis
|
|
|
15 Jan 2010
In a move bound to cause red faces at Redmond, Microsoft has been forced to admit that a flaw in its Internet Explorer (IE) browser was the route by which Chinese hackers sought to infiltrate Google's corporate systems.
"Based on our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," wrote Mike Reavey, director of the Microsoft Securtity Response Center, in a blog posting.
Microsoft's announcement came after McAfee's chief technology officer, George Kurtz, wrote in a blog posting that the firm had discovered a new vulnerability in IE that had been exploited by the hackers.
"In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer," he said.
Kurtz added that the targeted attack used tried and tested methods to get users to click on a link that then compromised their machine.
"These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s browser," he added.
As a result of this, Microsoft issued guidelines to help customers reduce the risk of further attacks and called on firms to remain vigilant against the continued threats that exist.
"Attacks targeting specific corporate networks are becoming more prevalent in the threat landscape and organisations should follow defence-in-depth best practices, and deploy multiple layers of protection to improve their security posture," added Reavey.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
EU data protection overhaul contains "bureaucratic tick box-proposals", says information commissioner Christopher Graham in exclusive interview with V3
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
eCommerce Business Analyst - (North London) Permanent...
UI Developer (North London) Permanent £55,000 - £60...
MS Office 2010 Trainer - Cambridge My Cambridge based...
Dynamics CRM consultants (experience of javascript and...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Hmmm
I run lynx as a main browser and have never had a problem - it sure frees up bandwidth for downloads and games too. Or for graphical goodness why not stick with something tried and tested like firefox?
Posted by: anon 22 Jan 2010
Microsoft IE flaw
Yet another attack on Microsoft..mmm just after Googles Chrome is wheeled out for general use. I have ie8 safari & chrome which way do i turn??
Posted by: Paul Cornthwaite 18 Jan 2010
mac mac mac yap yap yap
Ok russell so ie is not great but dont do the pathetic mac adverts on the back of it.Your 200 viruses only show what is already known in the real world.That is that mac users are for the most part computer illiterate and base their purchase largely on how their computer looks rather than what it can do.Why else would someone pay so much just to browse the net and check their emails? : )
Posted by: jabba da gut 18 Jan 2010
Microsoft admits IE flaw to blame for Google hack
First rule of computing: Never buy anything by Microsoft until the first service pack is released, because, prior to that, you are only paying for the privilege of doing their final beta testing for them.
Posted by: D.Griffith 18 Jan 2010
internet explorer
It has been known for years that IE is really prone to attacks from a vast array of virus's, i recall having received more then 200 different virus's,even with sophisticated software that is supposed to protect my computer, i had to have it reformatted at least 4 times, to the point that i had no option but to go for a mac,since then i haven't had a single one i really couldn't afford it, but i could look ahead and see countless bills to have my windows based pc to be reformatted, so in the end it DID make commercial sense to buy the Mac, this isn't an ad for Mac but just a comment on the well known vulnerability of IE all my friends and colleagues, so ipso facto it make very good sense for hackers to go for IE, IE has issued so many patches, i have lost count ,lets face it IE is rubbish
Posted by: Russell 15 Jan 2010
So, wait a second...
This is a IE 6 flaw being exploited with Google employees. Why are Google employees even using IE 6? If your employees are using a browser that was released in 2001 despite the fact that your own company makes their own browser, well, you may have other security measures to implement.
Posted by: Mike 15 Jan 2010
Give readers what they need
If Microsft have issued guidlines why can the writer not give the reader some reference such as a URL?
Posted by: Napier 15 Jan 2010
MS's Inertia
So what are Microsoft going to do about it??
Posted by: wyndham 15 Jan 2010
Issued guidelines?
Instead of issuing guidelines why not issue a patch to solve the problem? I'm sure it has more flaws then thhis that we don't know about.
Posted by: vufindr 15 Jan 2010
lol @ Google
I find it amusing that Google supposedly employs some of the brightest minds in the world but yet obviously their staff is stupid enough to click on run-of-the-mill phishing spam links. Secondly, nice job on protecting your email system to allow such spam phishing links in through your email system. And third, brilliant job of having your systems updated to the latest version of IE. If you were on 8.0, you wouldn't have egg on your faces right now! bahahaha
Posted by: lrn2itsecurityyougooglenubs 15 Jan 2010