- Back to homepage

Microsoft knew about IE6 flaw for months ?

@ 2010/01/22

MICROSOFT WAS MADE AWARE of the zero-day IE6 flaw five months before it released the 'emergency' out-of-band ms10-002 patch to finally fix the problem yesterday.

The release was hurriedly cobbled together to patch the hole in Internet Explorer that was thought to have given Chinese hackers, possibly working for China's government, access to Google's internal systems and human rights activists' Gmail accounts.

Comment from jmke @ 2010/01/22

it were clients using IE6 which were used to attack google site using exploit in IE to bypass certain security barriers from what I've understood.

the "internal systems" = gmail.
which for google is "their system"

Quote:

The company admitted that its own investigations into the highly organized hacking attack in late December against various companies (including Google) had concluded that a Remote Code Execution vulnerability in IE was used by the perpetrators. That vulnerability is triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model element; attack code may be executed if it is successfully placed in a random location of freed memory.

so all they needed to do is get the target to load a website with the javascript code to get access to their google account;

Comment from Rutar @ 2010/01/22

How did they Access the internal Systems then?

Comment from jmke @ 2010/01/22

...think you misread this.

an exploit on client's end using IE bug.
says nothing about google using IE

Comment from Rutar @ 2010/01/22

Someone at google actually uses IE? O—o

All information and graphics contained in Madshrimps are sole property of the Madshrimps crew and may not be reproduced or copied in any manner without written permission from us.