MICROSOFT has released a patch for an Internet Explorer software hole through which China-based cyber spies attacked Google and other firms

Posted: January 25, 2010 in Uncategorized

“Microsoft continues to see limited and targeted attacks against Internet Explorer 6 only,” said Jerry Bryant, senior security program manager at Microsoft.

“Microsoft recommends customers deploy this security update as soon as possible to protect themselves against the known attacks,” he said.

Microsoft deemed the software fix so important that it veered from its usual protocol of releasing security updates the second Tuesday of each month. It urged Windows users to switch on Automatic Updates to receive the patch instantly.

It also rejected the advice of government experts to switch browsers.

“It is important to note that all software has vulnerabilities and switching browsers in an attempt to protect against this one, highly publicised, but currently limited attack can inadvertently create some false sense of security,” Microsoft said.

Mr Bryant and Microsoft security guru Adrian Stone hosted a public webcast this morning to discuss the security update and field questions.

They said the threat had been “responsibly reported” before the Google attacks, and was escalated after Google and other companies were targeted.

“There’s a lot of confusion out there,” Mr Stone said.

“While there are a lot of circumstances around this software update… there is nothing technically different (with this threat) than other vulnerabilities of this type.”

Describing a common threat known as a “drive-by update” – where unsuspecting victims click on a malicious link – Mr Stone said this threat was similar.

“This is the same type of methodology… in terms of the vulnerability itself and the update itself, really it’s par for the course.”

He added that the fact that the vulnerability was being actively exploited was cause for concern.

Patching hacks

Microsoft warned that anti-virus software “will not protect you from the vulnerability”, adding that it might detect malware that gets into your system, but would not detect or fix the security hole itself.

Attacks that prompted a showdown between internet giant Google and global power China only worked against IE 6, so computer users can protect themselves by switching to newer versions of the web browser, according to Microsoft.

No matter which web browser people use, upgrading to the most current version promises to increase protection against hackers.

Microsoft confirmed last week that a previously unknown security vulnerability in its IE 6 browser was used in cyberattacks that prompted Google to threaten to shut down its operations in China on January 12.

Web security firm McAfee said that the attacks on Google and other companies showed a level of sophistication beyond that of cyber criminals and more typical of a nation-state.

Google said more than 20 other unidentified firms were targeted in the “highly sophisticated” attacks while other reports have put the number of companies attacked at more than 30. Only one other company, Adobe, has come forward so far and acknowledged that it was a target.

Attackers used email or some other lure to get employees of a targeted company to click on a link and visit a specially crafted website using Internet Explorer.

Malicious software would then be downloaded that has the capability to essentially install ‘back doors’ in machines and give hackers access.

Users can install the Internet Explorer fix either by switching on automatic security updates in Windows, or going to
– with AFP

