Microsoft Releases Patch for ‘Google Hack’ Flaw in Internet Explorer

Within few days after admitting that Chinese Hackers exploited Internet Explorer flaw to attack Google Microsoft has released patch for the ‘Google Hack’ flaw in IE. The patch will fix vulnerabilities in IE6, IE7, and IE8 on supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2—vulnerabilities notably exploited in the recent series of Chinese-based attacks against Google and 30 other tech companies.

Microsoft has previously insisted that the publicly posted exploit code only affects IE6 and as such recommended its users to upgrade. While the software giant says the attacks it sees in the wild are still only successful against IE6, Redmond has rated the flaw “Critical” for all versions of the browser.

Microsoft Releases Patch for 'Google Hack' Flaw in Internet Explorer

This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” a Microsoft spokesperson told. “It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized.

The fact that the update is being released out-of-band (meaning that Microsoft is not going to wait until its next Patch Tuesday on February 9) shows how serious the company is taking this particular vulnerability. The company admitted that its own investigations into the highly organized hacking attack in late December against various companies (including Google) had concluded that a Remote Code Execution vulnerability in IE was used by the perpetrators. That vulnerability is triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model element; attack code may be executed if it is successfully placed in a random location of freed memory.

The patch is now available via Windows Update and on the Microsoft Download Center. Anyway, here are all the links you will need depending on your OS and IE version:

> Internet Explorer 5.01 SP4
> Internet Explorer 6 SP1
> Internet Explorer for Windows XP 32-bit
> Internet Explorer for Windows XP 64-bit
> Internet Explorer 7 for Windows XP 32-bit
> Internet Explorer 7 for Windows XP 64-bit
> Internet Explorer 8 for Windows XP 32-bit
> Internet Explorer 8 for Windows XP 64-bit
> Internet Explorer for Windows Server 2003 32-bit
> Internet Explorer for Windows Server 2003 64-bit
> Internet Explorer for Windows Server 2003 Itanium
> Internet Explorer 7 for Windows Server 2003 32-bit
> Internet Explorer 7 for Windows Server 2003 64-bit
> Internet Explorer 7 for Windows Server 2003 Itanium
> Internet Explorer 8 for Windows Server 2003
> Internet Explorer 8 for Windows Server 2003 64-bit
> Internet Explorer 7 for Windows Vista 32-bit
> Internet Explorer 7 for Windows Vista 64-bit
> Internet Explorer 8 for Windows Vista 32-bit
> Internet Explorer 8 for Windows Vista 64-bit
> Internet Explorer 7 for Windows Server 2008 32-bit
> Internet Explorer 7 for Windows Server 2008 64-bit
> Internet Explorer 7 for Windows Server 2008 Itanium
> Internet Explorer 8 for Windows Server 2008 32-bit
> Internet Explorer 8 for Windows Server 2008 64-bit
> Internet Explorer 8 for Windows 7 32-bit
> Internet Explorer 8 for Windows 7 64-bit
> Internet Explorer 8 for Windows Server 2008 R2 64-bit
> Internet Explorer 8 for Windows Server 2008 R2 Itanium

11 Comments

Add a Comment

Your email address will not be published. Required fields are marked *

nineteen − eight =

CommentLuv badge