SOFTWARE INDUSTRY NEWS

Microsoft admits IE vulnerability was exploited in Google attack
15 January 2010 , Written by Dhruv Tanwar
Bookmark and Share


In a blog post, Mike Reavey, Director, Microsoft Security Response said, “Unfortunately cyber crime and cyber attacks are daily occurrences in the online world.  We condemn these attacks and the recent attacks against Google and other companies.”

He said according to Microsoft’s investigations into the attacks, “we recently became aware that a vulnerability in Internet Explorer appears to be one of several attack mechanisms that were used in highly sophisticated and targeted attacks against several companies. At this time, we have no indication that Microsoft’s corporate network or our mail properties were attacked as part of these attacks.”

Microsoft has published a Security Advisory that provides people with guidance, and tools, to help protect themselves, and is now working with its Microsoft Active Protections Program (MAPP) and Microsoft Security Response Alliance (MSRA) partners to help provide broader protections for customers.  “At this point, these attacks appear to be targeted at corporations; we have not seen any evidence of attacks against consumers,” the blogpost read.

The vulnerability that the Chinese hackers exploited affects Internet Explorer 6, IE 7, and IE 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4, Microsoft said in an advisory this week. Earlier this week, Google had said the attacks targeting it and other US corporations had originated in China, and the targets of the attack were the email accounts of human rights activists. Source code was said to have been stolen from over 30 Silicon Valley companies targeted in the attack, reports said. Amongst companies who have been reported as targets of the attacks are Adobe, Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical.

In its statement, Microsoft said the vulnerability in its Internet Explorer browser exists as an invalid pointer reference and that it could allow an attacker to take control of a computer if the target were defrauded into clicking on a link in an e-mail or an instant message that led to a Web site hosting malware.  "It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems," it said in its statement. “Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity. We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation,” Reavey concluded in his blog.
 

LISTS AND RESEARCH

  • list Global Software Top 100 - Edition 2011
    • The Global Software Top 100 is a list of the world's largest software companies, ranked by annual software revenues. The list is based upon revenue information of 10,000+ IT companies worldwide.
  • Software industry trends (2011)
    • This research article (accompanying the Global Software Top 100) describes changes in the software industry playing field. It analyses trends and key players and forecasts future developments.
  • Top hardware companies
    • A list of the world's largest hardware companies.
  • What happens in the hardware industry?
    • Trends and analysis of the hardware industry and its key players.
  • Top IT services companies
    • A list of the world's largest IT services companies, ranked by annual services revenues. This link will take you to www.servicestop100.org.
  • IT services companies: healthy growth
    • What is happening in the IT services industry? Read this research publication to find out about trends and key players in the IT services industry.
  • Top gaming companies (2010)
    • Entertainment is good business, and gaming software companies are growing faster than the rest of the software industry. This research article discusses trends and key players in the gaming business.
  • Top ERP companies
    • A research publication about the world's leading players in enterprise software.
  • Top security software companies
    • A research publication discussing the world's leading publishers of security software: antivirus-, spamfiltering-, intrusion detection- and firewall software.
  • The fastest growing software companies
    • This research publication reveals the fastest growing software companies in the world.
  • CRM companies: a short list
    • A short list of the leading software companies selling Customer Relationship Management software; aimed at IT managers looking to purchase CRM software.
  • Top software companies in the US (2010)
    • A list of the largest software companies in the United States, ranked by annual software revenues. 2010 Edition, posted 15 December 2010.
  • U.S. software industry trends (2010)
    • A research publication discussing the trends and the key players in the software industry in the United States. Posted 15 December 2010.
  • Top companies in the world (not just software)
    • A general list of the largest companies in the world, ranked by revenues. Not just software companies; in fact, there are no software companies in it...
  • Top IT companies
    • A list of the largest IT companies in the world, ranked by annual revenues. Includes hardware, software and services.
More lists and research >

POPULAR NEWS

Go to news overview >

RECENT NEWS

Go to news overview >