Microsoft says a security flaw in its Internet Explorer browser played a role in the recent computer attacks against Google and at least 20 other companies.
The entire world has been talking about Google’s decision to not censor its China search engine after it became the victim of Chinese cyber attack. And while we’ve talked a great deal about its global implications and the censorship in China, we haven’t talked a lot about exactly how Chinese hackers actually broke through Google’s security measures. A recently published analysis by antivirus/computer security firm McAffee seemed to have some of the answers. And the final answer has come from non other than Microsoft!
Microsoft has admitted that a flaw in its Internet Explorer web browser enabled hackers to gain access to Google’s system, an event that resulted in Google threatening to pull its operations in China. In a post on its Microsoft Security Response Center, director Mike Reavey said that a bug within Internet Explorer could allow hackers to remotely run programs on infected machines.
“Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks,” Reavey wrote.
In the Thursday alert confirming the weakness, Microsoft said the security hole can be closed by setting browser’s Internet security zone to “high.” The world’s largest software maker may also issue an update to fix the problem.
Microsoft pinpointed the trouble spot after Google announced earlier this week that hackers in China had pried into the e-mail accounts of human rights activists opposing the Chinese government’s policies. The attack outraged Google. It plans to leave China unless the government backs off rules requiring Google’s Chinese search engine to censor some results.
Overall, while Microsoft and IE seem to be partly to blame, the attack was sophisticated and executed on multiple fronts. In fact, the hackers knew who they wanted to target and what they wanted and used vulnerabilities never before known to do it. The nature of the attack likely played a big role in Google’s decision.
Attacks against corporate networks is constantly on the rise. How do you foresee the future of online security?