Microsoft admits Explorer vulnerability led to Google attack

15 Jan 2010

Microsoft has admitted to a weak link in its Internet Explorer browser that facilitated the recent attacks on Google's systems in China.

The attack led to Google threatening to terminate its China operations. (See: Google threatens to exit China after cyber attacks)

The company said in a blog post last night that hackers could remotely run programs on infected machines through a vulnerability in the browser.

Meanwhile, Microsoft has issued preliminary guidance for mitigation of the problem and has started work on a formal update to plug the vulnerability.
 
According to Microsoft's director of security response Mike Reavey, quoted in the post, "Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks."

The attacks were apparently targeted at personal information on Chinese dissidents and the code that runs some of Google's critical services. They also hit a number of other companies, reportedly Yahoo and US defence contractor Northrop Grumman.

Microsoft confirmed the existence of the vulnerability following an investigation by internet security firm McAfee and information from Google and Adobe.