by: Glenn Chapman
SAN FRANCISCO (AFP) – Microsoft will release a patch on Thursday for an Internet Explorer 6 (IE 6) software hole through which China-based cyber spies attacked Google and other firms.
“Microsoft continues to see limited attacks, and to date, the only successful attacks have been against Internet Explorer 6,” the US software giant said Wednesday while announcing the “out-of-band” security update.
“We recommend that customers install the update as soon as it is available.”
Microsoft will release the patch as soon as it is ready instead of following its protocol of releasing security updates the second Tuesday of each month.
Microsoft will host a public webcast starting at 1:00 pm Pacific time (21H00 GMT) on Thursday to discuss the security update and field questions. The software patch will be released three hours earlier, according to Microsoft.
“We are working 24-by-7, around the clock,” Microsoft general manager of Trustworthy Computing SecurityGeorge Stathakopoulos told AFP. “We have been monitoring the threat landscape since the start of this issue.”
Attacks that prompted a showdown between Internet giant Google and global power China only worked against IE 6, so computer users can protect themselves by switching to newer versions of the Web browser, according to Stathakopoulos.
“IE 7 and 8 seem to be holding,” Stathakopoulos said. “None of the attacks we know of will be effective against IE 8. That could change, but that is what we know.”
No matter which Web browser people use, upgrading to the most current version promises to increase protection against hackers.
Microsoft confirmed last week that a previously unknown security vulnerability in its IE 6 browser was used in cyberattacks which prompted Google to threaten to shut down its operations in China.
Revealing the attacks on January 12, Google said they originated from China and targeted the email accounts of Chinese human rights activists around the world but did not explicitly accuse the Chinese government of responsibility.
Web security firm McAfee Inc. said that the attacks on Google and other companies showed a level of sophistication beyond that of cyber criminals and more typical of a nation-state.
Google said more than 20 other unidentified firms were targeted in the “highly sophisticated” attacks while other reports have put the number of companies attacked at more than 30.
Stathakopoulos described the attacks as “limited and targeted.”
Only one other company, Adobe, has come forward so far and acknowledged that it was a target.
Attackers used email or some other lure to get employees of a targeted company to click on a link and visit a specially crafted website using Internet Explorer.
Malicious software would then be downloaded that has the capability to essentially install ‘back doors’ in machines and give hackers access, according to McAfee.
“Microsoft patch due Thursday for IE hole – Yahoo! News.” The top news headlines on current events from Yahoo! News – Yahoo! News. Web. 22 Jan. 2010. http://news.yahoo.com/s/afp/20100120/tc_afp/uschinaitcompanyinternetgooglemicrosoft
