Microsoft Announces IE Security Hole Believed to be Involved in Google Attacks

Microsoft sent out a bulletin yesterday announcing the existence of a new vulnerability in IE that could let to remote code execution. The hole was discovered during the investigation of the alleged Chinese attacks on Google and many other tech companies that has been all over the news the past few days.

Microsoft says that "Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected."

Microsoft is working on a fix for this issue, but acknowledged that it may not be released until next month. Fortunately, in order for someone to compromise your system with this hole, you must be tricked into clicking a link to download malicious javascript. So if your antivirus is updated and you take normal precautions about which links to click, you should be fine.

The attack that compromised Google et al's systems is said to have been extremely sophisticated to the point that an attack of such quality had never been made on a corporate level.

Read Microsoft's security advisory here.


Michael Holley

Switchfast Technologies
Chicago IT Consulting & Support
Rochester IT Consulting & Support