Microsoft alerted to IE's 'Google Hack' flaw in August 2009
Posted on 26 Jan 2010 at 13:34, by Tim Smalley
Microsoft was first alerted to the Internet Explorer flaw used in the Google attacks back in Augusut 2009 after a white-hat hacker at BugSec reported the vulnerability to the software giant.
The hole was scheduled for plugging in the next batch of security updates due in February, but the targeted attacks against Google, Adobe and up to 32 other American firms in China forced the software giant to release a patch much quicker.
It's become apparent that the vulnerability wasn't just limited to Internet Explorer either, as it can also be exploited by including an ActiveX control in Word, Excel, PowerPoint or Excel files.
A malicious hacker could build a spoofed website to gain access to the same user rights as any web user landing on the site. Security outfit Kaspersky said that if the user attempted to log into the malicious site, the attacker could take complete control of an affected system using the vulnerability.
The Internet Explorer update applies to all versions of the browser on all Windows versions, patching at least eight vulnerabilities that could lead to harmful attacks using remote execution.
Find a review
- Upcoming USB Type-C connector to be thinner and reversible
- Amazon Coins virtual currency launches in the UK
- Amazon could be planning parcel pickups from London tube stations
- TalkTalk reboots Brownie Computer badge
- Review Roundup: Motorola Moto G, Panasonic GM1, Lenovo Yoga Tablet 10 and more
- The Expert Reviews Awards 2013 - Winners revealed
- Download next-gen games in under an hour with 152Mbit/s Virgin Media cable
- Review Roundup: iPad Air, Nexus 5, Lenovo Yoga Tablet, Tesco Hudl and much more
- Review Roundup: Bargain HP Chromebook, new iMac and Surface Pro 2, Sky HD vs Virgin TiVo plus much more
- Not one UK city can boast ‘super-fast’ broadband says uSwitch