News

Zero-Day IE Bug Exploited for Google Attack

Microsoft continues to investigate the first zero-day exploit of 2010 surrounding Internet Explorer.

The company issued a security advisory encompassing various IE versions on Thursday. According to the advisory, IE has a vulnerability that can enable remote code execution attacks. The flaw stems from an "invalid pointer reference" in the Web browser.

Most versions of IE have the vulnerability. IE 6 Service Pack 1 on Microsoft Windows 2000 SP4 has the bug. Moreover, the flaw exists in IE 6, IE 7 and IE 8 on supported editions of Windows XP, Vista and Windows 7, plus Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2.

Antivirus software company McAfee claimed discovery of the bug earlier in the week. McAfee described the hacking operation as "operation aurora," claiming that hackers were attempting to use the IE vulnerability and social engineering techniques to steal intellectual property from Google and other companies.

Google disclosed that it was attacked on Tuesday. On Thursday, Microsoft's security team confirmed that the hackers had used the flaw in IE to try to steal information from Google and other companies.

"Based on our investigations into these attacks, as well as the investigations of others, we recently became aware that a vulnerability in Internet Explorer appears to be one of several attack mechanisms that were used in highly sophisticated and targeted attacks against several companies," wrote Mike Reavey, Microsoft's director of security response, in a blog post.

The name "aurora" was apparently the file-path handle hackers used for their invalid pointer reference attack, according to McAfee's blog. The attack appears to require the diversion of a user to a malicious Web page, perhaps through an e-mail link. It can be triggered via a Web page's banner ad or hypertext link, according to McAfee. The idea is for users to download and run executable malware that may help attackers access a network.

"It's hard to imagine a cyber breach with bigger ramifications than this one unless it involved some infrastructure capacity," said Andrew Storms, director of security at nCircle. "The scope and the targeting of this breach should grab not just the IT manager's attention but every CEO's attention."

Microsoft said in its advisory that it was aware of limited but "active attacks attempting to use this vulnerability against Internet Explorer 6." Attacks against other IE versions have not been seen so far, according to Microsoft. Nevertheless, the company plans to "continue to monitor the threat environment and update this advisory if this situation changes."

More such attacks may be seen throughout this year.

"I think we're going to see these types of attacks again and again in 2010, and since this has potential ties to the well-publicized attacks reported earlier in the week to Google, it's imperative that businesses take quick action to protect themselves," said Michael Sutton, vice president of security research at Zscaler.

Microsoft suggested that configuring IE's Internet zone security setting to "high" will protect users from the vulnerability mentioned in this latest advisory. Adjusting the zone setting in IE will serve as a workaround until Microsoft comes up with another monthly patch or specific hotfix.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.