Microsoft calls for Internet Explorer upgrades after Google attack

Acknowledges a small number of attacks since the Google attack in China through a vulnerability in IE6

Microsoft has called on Internet Explorer (IE) 6 and 7 users to update their browsers to the latest version to counter a security vulnerability used in the much-reported attacks against Google in China.

In a statement, Microsoft said it was seeing a "a very limited number of targeted attacks against a small subset of corporations and the attacks that we have seen to date are only effective against Internet Explorer 6".

"We are not seeing any widespread attacks and thus far we are not seeing attacks focused on consumers," Microsoft said. The software giant also recommended Windows XP SP2 users upgrade to SP3.

Users can also switch to other browsers such as Firefox or Google Chrome to help reduce risk.

Late last week the code used in the Google attack was [[xref:|submitted for analysis on the Wepawet malware analysis Web site, making it publicly available. It subsequently became publicly available in hacking tools and was reportedly seen in online attacks as acknowledged by Microsoft.

A hacker could use the code to run unauthorised software on a victim's computer by tricking them into viewing a maliciously crafted Web page.

That's apparently what happened at Google late last year, when hackers were able to get into the company's internal systems. According to people familiar with the incident, 33 other companies were also targeted by the attack, including Adobe Systems.

On Thursday, Symantec and Juniper Networks said they were investigating the incident, and Yahoo, Northrop Grumman and Dow Chemical have also been named as victims in published reports.

France and Germany are both urging their citizens to stop using Microsoft's Web browser.

More information on the IE6 vulnerability can be found on the Microsoft security website.

Additional reporting by Robert McMillan

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftGoogleChinaInternet Explorersecurity vulnerability

More about Adobe SystemsAdobe SystemsDow Chemical AustraliaGoogleJuniper NetworksJuniper NetworksMicrosoftNorthrop GrummanSymantecYahoo

Show Comments