IE Vulnerability Behind Google Hack: Microsoft

Microsoft, the software giant, has acknowledged that vulnerability exists within its Internet Explorer browser that let Chinese cyber attackers to hack into the corporate networks of Google.

According to director of Microsoft Security Response Center, Mike Reavey, who wrote in a company blog, the Center's investigations revealed that attackers used IE to execute sophisticated and personalized assaults against Google as well as probably other corporate systems, as per the news published by V3.co.uk on January 15, 2010.

Reportedly, Microsoft made the announcement following chief technology officer of McAfee, George Kurtz's blog write up that his company had found an earlier unknown flaw in Internet Explorer that hackers had exploited.

He stated that during their investigations, it was found that a certain piece of malware used in the Google assault abused a fresh, publicly-unknown security flaw within Microsoft's Internet Explorer. V3.co.uk published this news on January 15, 2010.

In the meantime, according to some researchers, the attack involved a security flaw in Reader or Acrobat software of Adobe. However, Adobe, which had also been targeted with the attack, stated that it had observed no clues of the involvement of its products in the attacks.

Furthermore, Dmitri Alperovitch, Vice-President of threat research at McAfee, too substantiated that the firm hadn't found any evidence of the involvement of PDFs during the attack, reported by InformationWeek on January 14, 2010.

Explaining the nature of the attack, Alperovitch said that it was highly sophisticated, similar to those observed solely in the defense industrial and government sectors. He added that it didn't indicate any unprofessional mistakes.

Moving ahead, Microsoft stated that the flaw didn't affect IE 5.01 Service Pack 4 running on the company's Windows 2000 Service Pack 4. On the other hand, Internet Explorer 6 Service Pack 1 running on Microsoft Windows 2000 Service Pack 4, and IE versions 6, 7 and 8 running on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows XP, Windows Vista and Windows 7 were vulnerable.

Besides, Microsoft released certain precautionary steps that customers should follow so that any further attacks could be prevented. The company also cautioned organizations to remain cautious of the continuously rising threats that still prevail.

Related article: IE & Gmail Show Up with Alarming Vulnerabilities

» SPAMfighter News - 1/26/2010