January 15, 2010

Attacks From China Exploited Browser Vulnerabilities

Microsoft is exploring several recent cyberattacks linked to a vulnerability in its Internet Explorer Web browser that have prompted Google to threaten to leave China, AFP reported.

Mike Reavey, the director of Microsoft's Security Response Center, said in a blog post that Internet Explorer was one of the vectors used in targeted and sophisticated attacks targeted against Google and other corporate networks.

Reavey said Microsoft is continuing to work with Google, other industry partners and authorities to actively investigate the issue.

"To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE6 (Internet Explorer 6)," the blog post said.

Meanwhile, changing Internet zone security settings to "high" would protect users from the vulnerability, according to Reavey.

Microsoft's security advisory was issued shortly after Web security firm McAfee reported that the cyberattacks, which Google said originated in China, exploited a previously unknown vulnerability in Internet Explorer.

China-based cyber spies struck Google in an apparent bid to hack into the email accounts of human rights activists around the world, Google said on Tuesday.

Some 20 other unidentified firms were also targeted in the "highly sophisticated" attacks, according to Google.

Other reports have put the number of companies attacked at more than 30.

Google stated it will no longer censor its Internet search engine in China and that it was prepared to shut down its operations entirely if it was unable to reach an agreement with the Chinese authorities.

Some experts have speculated that the attackers may have exploited flaws in Adobe's Acrobat software and its widely used Reader program for opening PDF documents.

McAfee said that Internet Explorer is vulnerable on all recent versions of the Windows operating system, including Windows 7.

Microsoft said attacks had been limited to IE6, an older version of the application.


On the Net: