IE Vulnerability Linked To Attacks On Google, Others
Tom Kelchner, 19/01/2010, posted in "Analysis"
Tom Kelchner is Research Center Manager at Sunbelt Software. Tom is a communications professional with extensive background in computer security, anti-virus application testing and computer virus analysis. He is a former daily newspaper reporter and deputy press secretary to the governor of Pennsylvania.
The governments of France and Germany have urged users to stop using Microsoft’s Internet Explorer browser until the company fixes the security vulnerability that has been blamed, at least in part, for the attacks from China on Google and more than two dozen other companies. The attacks on Google were aimed at the Gmail accounts of dissidents and Google’s source code.
The German Bundesamt für Sicherheit in der Informationstechnik (BSI) issued a statement Jan. 16 that running IE in protected mode and disabling active scripting could improve the browser’s security but could not completely prevent exploitation. They recommended that users switch to an alternative browser until Microsoft patches the flaw.
The French computer emergency response group Centre d’Expertise Gouvernemental de Réponse et de Traitement des Attaques informatiques (CERTA) issued an advisory on Jan. 15: “Le CERTA recommande l’utilisation d’un navigateur alternatif.” [CERTA recommends using an alternate browser.]
George Kurtz, CTO of security company McAfee, commented on the gravity of the attack on the company’s blog yesterday in a piece titled “Dealing With ‘Operation Aurora’ Related Attacks”:
“I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations. While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero day exploits. What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the main goal appearing to be to steal core intellectual property.”
Kurtz didn’t exactly call for Microsoft to issue an out-of-cycle patch, but came close:
“It will be interesting to see if this vulnerability forces an out of cycle patch update.”
McAfee blog piece.