Friday, January 15, 2010

Microsoft admits Explorer used in Google China hack

Google HQ in China (AP)
Microsoft is working to patch the vulnerability through a software update

Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google's systems that originated in China.

The firm said in a blog post on Thursday that a vulnerability in the browser could allow hackers to remotely run programs on infected machines.

Following the attack, Google threatened to end its operations in China.

Microsoft has released preliminary guidance to mitigate the problem and is working on a formal software update.

So far, Microsoft "has not seen widespread customer impact, rather only targeted and limited attacks exploiting Internet Explorer 6".

"Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," said Microsoft's director of security response Mike Reavey in the post.

'Unfortunate'

Security firm McAfee told news agency AFP that the attacks on Google, which targeted Chinese human rights activists worldwide, showed a level of sophistication above that of typical, isolated cyber criminal efforts.

McAfee's vice-president of threat research Dmitri Alperovitch told AFP that although the firm had "no proof that the Chinese are behind this particular attack, I think there are indications though that a nation-state is behind it".

The recent spate of attacks was alleged to have hit more than 30 companies including Google and Adobe, but security firms have since said that such invasions are routine.

Mr Reavey echoed this in the post.

"Unfortunately cyber crime and cyber attacks are daily occurrences in the online world. Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity. We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation."

No comments: