A zero-day vulnerability in Internet Explorer was a factor in the Google attack earlier this week

The attack on Google in China was possible due to a zero-day vulnerability in Internet Explorer.

Microsoft said that the vulnerability exists as an invalid pointer reference within Internet Explorer. It said that it is possible, under certain conditions, for the invalid pointer to be accessed after an object is deleted.

In a specially crafted attack, Internet Explorer's attempt to access the freed object can be made to allow remote code execution. Microsoft said that it was aware of ‘limited, active attacks attempting to use this vulnerability against Internet Explorer 6’, but had not seen attacks against other affected versions of Internet Explorer.

It said: “We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

In a web-based attack scenario, an attacker could host a website that contains a web page that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

Microsoft said that in all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or Instant Messenger message that takes users to the attacker's website.

Microsoft said that its investigation showed that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 are affected.

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected.

McAfee calls the attacks ‘Operation Aurora’, as ‘Aurora’ was used as part of the file path in the attacks. George Kurtz, CTO of McAfee, said: “As with most targeted attacks, the intruders gained access to an organisation by sending a tailored attack to one or a few targeted individuals.

“We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That's when the exploitation takes place, using the vulnerability in Microsoft's Internet Explorer.

“Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.”

Michael Sutton, vice president of security research at Zscaler, said: “Targeted, web-based attacks can be a powerful tool for criminals. Zero-day attacks that impact popular software such as Internet Explorer affect virtually every organisation.

“When vulnerabilities such as these emerge, rapid deployment of protections is absolutely critical.”
