New IE Hole Exploited in Attacks on U.S. Firms

Friday Jan 15th 2010 by Staff

The Chinese cyberattacks on Google and other U.S. firms were made possible by a vulnerability in Microsoft's Internet Explorer.

cnet: On Thursday, Microsoft confirmed that "Internet Explorer was one of the vectors" used in the well-publicized Chinese attacks on Google and other U.S. firms. The vulnerability can be found in Internet Explorer 6, IE 7, and IE 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4.

Sources say that the Chinese attackers stole source code from more than 30 U.S. companies, including Google, Adobe, Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical.

Microsoft is working on a fix that will patch the vulnerability but haven't said when that patch will become available. Until then, users can protect their systems by putting the IE Internet zone security setting on "high" and enabling Data Execution Prevention.

Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved