Microsoft patching IE hole used by China cyber spies

Jan 19, 2010
A man surfs the internet in the street in Beijing. Microsoft said Tuesday it is working around the clock to patch an Internet Explorer 6 (IE 6) software hole through which China-based cyber spies attacked Google and other firms.

Microsoft said Tuesday it is working around the clock to patch an Internet Explorer 6 (IE 6) software hole through which China-based cyber spies attacked Google and other firms.

Microsoft is testing a security fix and will make it available as soon as it is ready instead of following its protocol of releasing security updates the second Tuesday of each month.

"We are working 24-by-7, around the clock," Microsoft general manager of Trustworthy Computing Security George Stathakopoulos told AFP. "We have been monitoring the threat landscape since the start of this issue."

Microsoft is to announce Wednesday when the will be released.

Attacks that prompted a showdown between Internet giant Google and global power China only worked against IE 6, so can protect themselves by switching to newer versions of the Web browser, according to Stathakopoulos.

"IE 7 and 8 seem to be holding," Stathakopoulos said. "None of the attacks we know of will be effective against IE 8. That could change, but that is what we know."

No matter which Web browser people use, upgrading to the most current version promises to increase protection against hackers.

Microsoft confirmed last week that a previously unknown security vulnerability in its IE 6 browser was used in cyberattacks which prompted Google to threaten to shut down its operations in China.

Revealing the attacks on January 12, Google said they originated from China and targeted the email accounts of Chinese human rights activists around the world but did not explicitly accuse the Chinese government of responsibility.

firm McAfee Inc. said that the attacks on Google and other companies showed a level of sophistication beyond that of and more typical of a nation-state.

Dmitri Alperovitch, vice president of threat research for McAfee, said that while McAfee had "no proof that the Chinese are behind this particular attack, I think there are indications though that a nation-state is behind it."

said more than 20 other unidentified firms were targeted in the "highly sophisticated" attacks while other reports have put the number of companies attacked at more than 30.

Stathakopoulos described the attacks as "limited and targeted."

Only one other company, Adobe, has come forward so far and acknowledged that it was a target.

Attackers used email or some other lure to get employees of a targeted company to click on a link and visit a specially crafted website using , Alperovitch said.

Malicious software would then be downloaded that has the capability to essentially install 'back doors' in machines and give hackers access, according to McAfee.

Explore further: Android gains in US, basic phones almost extinct

add to favorites email to friend print save as pdf

Related Stories

Microsoft, HP fail to back Google's China move: FT

Jan 14, 2010

The chief executives of Microsoft and Hewlett-Packard have declined to back Google's threat to pull out of China over censorship and cyberattacks, the Financial Times reported on Thursday.

Recommended for you

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

frajo
1 / 5 (1) Jan 19, 2010
Why do employees of an international high-end IT company use IE6? Why are they allowed to?
Why do employees of an international high-end IT company click on http links contained in emails?
Why don't employees of an international high-end IT company look carefully what http link they are going to click on?

More news stories

Hackers of Oman news agency target Bouteflika

Hackers on Sunday targeted the website of Oman's official news agency, singling out and mocking Algeria's newly re-elected president Abdelaziz Bouteflika as a handicapped "dictator".

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Easter morning delivery for space station

Space station astronauts got a special Easter treat: a cargo ship full of supplies. The shipment arrived Sunday morning via the SpaceX company's Dragon cargo capsule.