Microsoft to patch flaw responsible for Google, China fiasco

By Justin Mann on January 20, 2010, 6:00 PM
Microsoft announced today that a particularly nasty flaw in IE will be patched tomorrow. The flaw in question earned some fame recently as the culprit behind the China-based attack on Google -- a situation that is still boiling. Google claims that little data of importance was compromised as a result of the flaw and Microsoft noted that attacks only succeeded on machines running IE6.

Microsoft will push the patch out tomorrow around 10AM PST, outside of their normal patching schedule. A statement from Jerry Bryant, a security program manager at Microsoft, revealed that the sensitive nature of the flaw prompted them to crank it out faster than usual. Users of IE6, 7 and 8 on Windows XP, Server 2003, Vista, Server 2008 and Windows 7 are urged to apply the patch once it is available.




User Comments: 14

Got something to say? Post a comment
9Nails, TechSpot Paladin, said:

Reuters in China was saying that this attack might be an inside job at Google. There's still an ongoing investigation, but they're concerned that a Google employee dropped a Hydraq Trojan, which seemed to be targeted to specific people inside the company.

In a weird way, that's makes me feel a little better about this patch knowing that the Trojan affects specific machines, and that the attack wasn't the result of some infected public website that a computer user happened upon. I'll still patch my systems, and I have to give props to Microsoft for understanding the severity of this flaw and issuing a patch so quickly.

Timonius Timonius said:

"noted that attacks only succeeded on machines running IE6."

I've worked for two larger companies that depend on IE6 for their day to day business operations, of which one will probably refuse to upgrade for the next couple of years or until Microsoft 'forces' them to. It is usually a good idea to make sure software is up to date. Yeah it'll probably be a nice project for the IT dept.

Archean Archean, TechSpot Paladin, said:

Microsoft announced today that a particularly nasty flaw in IE will be patched tomorrow. The flaw in question earned some fame recently as the culprit behind the China-based attack on Google -- a situation that is still boiling. Google claims that little data of importance was compromised as a result of the flaw and Microsoft noted that attacks only succeeded on machines running IE6.

Read the whole story

Served them (i.e. google) well

ET3D, TechSpot Paladin, said:

I read: "Microsoft to patch flaw responsible for Google". Oh, that explains things. Took them long enough.

Guest said:

Ha ha*... well spotted

Phantasm66 Phantasm66 said:

Timonius said:

"noted that attacks only succeeded on machines running IE6."

I've worked for two larger companies that depend on IE6 for their day to day business operations, of which one will probably refuse to upgrade for the next couple of years or until Microsoft 'forces' them to. It is usually a good idea to make sure software is up to date. Yeah it'll probably be a nice project for the IT dept.

You are absolutely right, plenty of big companies locked into using IE6. I've done development work in these environments and they will be stuck with IE6 for some time to come, believe me.

JudaZ said:

More info about upcomming patch - http://linkcut.net/74b58752a7

fwilliams said:

IE6 will probably be around aa long as COBOL

Guest said:

This raises a question in my mind. Any one with an older system has products of that time period leftin it, no matter how much their system has been updated. So how does this "flaw" efect them?

jjbeard926 said:

Am I the only person that thinks not only should Google pull out of China but that all American companies should pull out? For that matter, block all web traffic in and out of China all together. Completely cut them off from the US. Pull American money out, stop buying their products, start charging major tariffs on Chinese exports. If they refuse to play by the same rules everyone else does, then they don't get to play.

captaincranky captaincranky, TechSpot Addict, said:

Imma Git on Mah High Horse an' Rahd.....

Am I the only person that thinks not only should Google pull out of China but that all American companies should pull out? For that matter, block all web traffic in and out of China all together. Completely cut them off from the US. Pull American money out, stop buying their products, start charging major tariffs on Chinese exports. If they refuse to play by the same rules everyone else does, then they don't get to play.
Actually, you may be the only person that feels this way . First of all, there isn't that much American money in China, it's just a bunch of BS >> I.O.U <<s. We're actually lucky that they don't come over here and demand payment.

And as to "not buying their product" I'd really like to see you personally be forced to buy all your products from factories in the US, with union workers.

I reckon that the first time you paid 3 or 4 hundred dollars for a US made motherboard that you could buy Chinese made for a hundred bucks or so, you'd be "spewing forth" a different sermon. Oh, yeah, don't forget to "look for the union label"

The best outlet for your runaway patriotism, might be to tape an American flag to your car, and go back to driving through traffic lights while running your yap on a Chinese made iPhone.

Archean Archean, TechSpot Paladin, said:

First of there isn't that much American money in China

American dollar is nothing more than a worthless piece of paper if it weren't for Chinese. Infact, if it weren't for american military power (which is pretty stretched and becoming ineffective as well); america may become irrelevant. History has taught us one thing, big science and knowledge always follow money, as the money shifts from one nation to another so does the scientific knowledge;

so there is a cue for you jj .....

captaincranky captaincranky, TechSpot Addict, said:

Archean; please fix my quote to read; "first of > ALL < (comma), there isn't...[ ]...

This was a failure to proofread fully on my part, and I apologize for it.

Although, I suppose if had actually typed, "first OFF", that would have worked too.

Archean Archean, TechSpot Paladin, said:

That's alright; the other day i typed 'tail' instead of 'tale' and you was gracious enough to overlook it, the point is we all sometimes end up with typing errors etc. and that is nothing to worry about

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.