Internet Explorer
Exploit code for the IE flaw is already on the internet
R E L A T E D   C O N T E N T
Similar articles
IT hound results
News centre
More from V3.co.uk

Free email newsletters




ADVERTISEMENT

France joins Germany in call to dump IE

Microsoft under heavy pressure to fix zero-day flaw used in hacking attack on Google

Phil Muncaster, V3.co.uk 18 Jan 2010
ADVERTISEMENT

The pressure on Microsoft to release an out-of-cycle patch for an IE flaw which allowed Chinese hackers to attack Google's systems continues to grow, after authorities in France joined the German government in urging citizens to use an alternative browser.

Microsoft admitted late last week that the hack of Google's systems revealed on Tuesday was caused by a vulnerability in version 6 of its popular browser.

"The vulnerability exists as an invalid pointer reference within Internet Explorer," read a Microsoft security advisory.

"It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."

It later emerged that the exploit code for the flaw had made its way onto the internet, increasing the likelihood of copycat attacks.

The French and German authorities are now urging their citizens to use an alternative browser until the flaw is fixed, and the pressure on Microsoft to release an out-of-cycle patch is growing.

However, Microsoft is continuing to advise users to upgrade to the latest version of the browser, which appears to be unaffected by the vulnerability.

Graham Cluley, senior technology consultant at security vendor Sophos, warned that switching browsers may cause more problems than it solves in many cases.

"If your IT department doesn't already formally support an alternative brow ser, and if your users aren't already familiar with the other browser, you may be causing more problems than it's worth by summarily switching browsers," he wrote in a blog posting today.

"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer. That's not going to be good for productivity. And finally, what if your replacement browser itself turns out to contain a vulnerability? Are you going to switch again?"

See also:

George Kurtz
McAfee CTO: Google hack was 'watershed' moment
'Targeted and co-ordinated nature of the attack' marks it out, says George Kurtz  18 Jan 2010
Yahoo
Yahoo under fire from Chinese partner over Google hack
Alibaba Group, which owns Yahoo China, describes Yahoo's comments as 'reckless'  17 Jan 2010
Hillary Clinton
US government to complain to China over Google hack
State department spokesman reveals diplomatic tension between two superpowers  16 Jan 2010
Chinese flag
More details emerge on Google hack
Attack could be linked to similar incident last year involving around 100 Silicon Valley firms, says iDefense  13 Jan 2010

All Hacking
Tags: Threats, Ie, Sophos, Microsoft, Google, China, Security, Software, Strategy

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Implementation/ Release Manager
| Hays Information Technology
Our client is an internationally based organisation and is urgently looking for an Implementation/ Release manager. We are looking for the successful candidate to manage the timely development of workflow processes and software applications to ... more >
Senior Software Developer (Web)
| Computer People
My client a leading business to business services organisation based in Leeds is currently seeking a Senior Web Developer to join their rapidly expanding team. Reporting to the Systems Development Manager you will be involved ... more >
Development Team Leader - leading team of 5, .Net
| Computer People
My client is looking for a Development Team Leader to work in both a hands on development capacity as well as managing a small team of developers (4/5). You will be responsible for: the direct ... more >
Data Analyst
| Hays Information Technology
Data analyst – Excel   My public sector client requires a data analyst with specific in-depth experience of excel, modifying, updating and manipulating spreadsheets. Checking all data integrity. Interviews are to be held ASAP and ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP and Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Software engineer jobs
Inquirer Jobs Firmware developer jobs, Electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . V3.co.uk
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093