Internet Explorer flaw to blame for Google attack

By on January 15, 2010, 12:46 PM
A critical zero-day vulnerability in Microsoft's Internet Explorer browser was apparently "one of the vectors" used in targeted and sophisticated attacks against Google and other corporate networks. Microsoft admitted to the flaw in a recent security advisory shortly after McAfee first made it public, explaining that under certain conditions an invalid pointer reference within IE can be exploited to allow remote code execution.

Google claims it has evidence that the attacks originated from mainland China, possibly with involvement of the government, and says the attacks resulted in the theft of intellectual property. Adobe confirmed its network was also breached in the same attacks but did not provide any details on what was stolen. As with many targeted attacks, the intruders apparently gained access by targeting a few handpicked individuals within the company, tricking them into clicking a seemingly legitimate link or file, perhaps through some social engineering scheme.

Microsoft said it is developing a fix but it's not clear when it will be ready -- their next set of security updates part of the monthly "Patch Tuesday" cycle should take place on February 9. The critical flaw affects almost all of Microsoft's most recent Internet Explorer releases, including IE 6, IE 7 and IE 8, but so far security researchers have only seen the attacks on Google exploiting IE 6 on a Windows XP machine.

Until a patch is released, Microsoft advises users to keep Windows 7 and Vista on the most secure "protected mode" setting, and setting IE's Internet zone security to high. Or you could just switch to an alternate browser.




User Comments: 17

Got something to say? Post a comment
TomSEA TomSEA, TechSpot Chancellor, said:

So basically, what they're saying is that Google and Adobe employee's apparently aren't smart enough to use Firefox or Chrome.

Guest said:

"German web security office warns of "critical" flaws in Internet Explorer"

http://www.dw-world.de/dw/article/0,,5132998,00.html

I think it is high time for all the people to switch to the safe & secure FireFox and Linux OS like Ubuntu. Especially when this is free.

Vrmithrax Vrmithrax, TechSpot Paladin, said:

@TomSEA - you know, I wondered that myself... Why are Google employees getting hacked through IE, when they should be using Chrome to show company solidarity? heh

Guest said:

Microsoft advises you to switch to a different browser. Hmmm... I think I'll take their advice for once.

Guest said:

Google employees may be using IE in a test capacity. They are after all a web-based application company. It would be sort of stupid if they didn't have access to IE.

Ultiweap said:

Yes I think so that turning to Linux would be a great Idea or even Mac but for how many time. Microsoft was before the most secure OS but when everybody or majority goes on it, it became more and more vulnerable. After a time Mac and Linux will become the same if they got the majority users on it. So no where we are secure nowadays the best thing will be to know what we are doing exactly.

Eddie_42 Eddie_42 said:

Guest said:

Google employees may be using IE in a test capacity. They are after all a web-based application company. It would be sort of stupid if they didn't have access to IE.

Sure they should be TESTING, on IE, but why would they be browsing in IE?

I'll admit I use IE for a few work related things that cant be done in Firefox (Share point Sever for example), but the other 99% of the time I'm in Firefox.

Guest said:

That is funny.Now I vote we either invade China or hack into their governments computer system.Could someone post online how to do it.

Guest said:

First Google decided to stop censorship in China. And now China returns the favor by stealing information from Google.

Dear Google, there is a lesson here, and its for you to figure it out what it is.

Wendig0 Wendig0, TechSpot Paladin, said:

Vrmithrax said:

@TomSEA - you know, I wondered that myself... Why are Google employees getting hacked through IE, when they should be using Chrome to show company solidarity? heh

Not only that, but if they absolutely have to use IE, why use IE6 on an XP box? I wonder how low on the totem pole those employees had to be, to be stuck with an XP machine? Seriously Google, you guys have virtually unlimited money. Upgrade your employees to Windows 7 and get a new browser already.

Guest said:

Just the latest gaping security hole. I'm through with Windows and IE. I'm going to Ubuntu as an OS and either Firefox or Chrome as a browser. I'll feel a lot more secure.

tengeta tengeta said:

Simply blown away by Google people using IE... Microsoft must have been very happy to hear that.

Guest said:

nots not googles employies that got hacked its people that log in to the system. e.g the chineasis human rights activists, using gmail. this post referes to the atteck that is makeing google consider desensing or pulling out of chiner.

supportme said:

Google Emps using IE !!!

May be they don't trust google on their privacy... This breaks the myth that Google has super minds working for them... There are super dumbs too... LOL

Guest said:

The advice we are getting is to use another browser. But, isn't IE integrated in the Windows OS? Isn't that the reason why MicroSuck got sued years ago!? Now, since IE is integrated in the OS isn't the whole system at risk? Open a folder on your PC and type a URL in the address bar of the folder. It will open the URL in that folder!!! So how is using another browser going to protect you when the whole OS is vulnerable!?

I do shame Google on using IE and Winblows. The least they should be doing is using their Chorme browser!!! But, this was a great eye opener and I say its time MicroSuck is held accountable to the billions of dollars wasted and/or stolen because of their crappy software is easily compromised by thieves!!!! Think about how much time is wasted by industries. Think of all the annual identity thefts. Think of all the websites hacked into because Winblows just plan old SUX!!!

I put Mandriva Linux on my laptop a year and half ago and I have not had ONE issue with it yet!! Did I mention Mandriva Linux is completely FREE!!? It includes everything needed to do you daily computing....at home or work!! If its not on the OS you can go out on the web and get it....FREE!! It even includes a FREE Office Suite that is compatible with all other Office Suites out there!! Not only is it free but its stable and secure!! Did I mention it's all FREE!?

http://www2.mandriva.com/

Guest said:

Wendig0, what's "Windows 7"? I haven't seen any such thing at work.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.