Microsoft knew about IE6 flaw for months ?

jmke · 22nd January 2010, 15:54

MICROSOFT WAS MADE AWARE of the zero-day IE6 flaw five months before it released the 'emergency' out-of-band ms10-002 patch to finally fix the problem yesterday.

The release was hurriedly cobbled together to patch the hole in Internet Explorer that was thought to have given Chinese hackers, possibly working for China's government, access to Google's internal systems and human rights activists' Gmail accounts.

http://www.theinquirer.net/inquirer/...e6-flaw-months

22nd January 2010, 17:45

Someone at google actually uses IE? O—o

jmke · 22nd January 2010, 18:15

...think you misread this.

an exploit on client's end using IE bug.
says nothing about google using IE

22nd January 2010, 18:39

How did they Access the internal Systems then?

jmke · 22nd January 2010, 18:41

it were clients using IE6 which were used to attack google site using exploit in IE to bypass certain security barriers from what I've understood.

the "internal systems" = gmail.
which for google is "their system"

Quote:

The company admitted that its own investigations into the highly organized hacking attack in late December against various companies (including Google) had concluded that a Remote Code Execution vulnerability in IE was used by the perpetrators. That vulnerability is triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model element; attack code may be executed if it is successfully placed in a random location of freed memory.

so all they needed to do is get the target to load a website with the javascript code to get access to their google account;

22nd January 2010, 15:54	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,021	Microsoft knew about IE6 flaw for months ? MICROSOFT WAS MADE AWARE of the zero-day IE6 flaw five months before it released the 'emergency' out-of-band ms10-002 patch to finally fix the problem yesterday. The release was hurriedly cobbled together to patch the hole in Internet Explorer that was thought to have given Chinese hackers, possibly working for China's government, access to Google's internal systems and human rights activists' Gmail accounts. http://www.theinquirer.net/inquirer/...e6-flaw-months __________________

22nd January 2010, 18:15	#3
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,021	...think you misread this. an exploit on client's end using IE bug. says nothing about google using IE __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Microsoft to release fix for Windows Shortcut flaw on Monday	jmke	WebNews	0	31st July 2010 12:06
Microsoft warns of TLS/SSL flaw in Windows	jmke	WebNews	0	10th February 2010 13:28
Microsoft warns of IE flaw, turns PC into public file server	jmke	WebNews	0	5th February 2010 09:48
Microsoft patching "Google hack" flaw in IE tomorrow	jmke	WebNews	1	21st January 2010 09:56
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch	jmke	WebNews	0	14th April 2009 18:47
Microsoft Security Bulletin Summary for September 2008	jmke	WebNews	0	9th September 2008 19:20
Microsoft Security Bulletin Summary for August 2007	jmke	WebNews	0	14th August 2007 22:21
Microsoft investigates potential new IE flaw	Sidney	WebNews	0	18th August 2005 18:15

22nd January 2010, 17:45	#2
Rutar Posts: n/a	Someone at google actually uses IE? O—o

22nd January 2010, 18:39	#4
Rutar Posts: n/a	How did they Access the internal Systems then?