Microsoft has admitted that a flaw in its Internet Explorer web browser enabled hackers to gain access to Google’s system, an event that resulted in Google threatening to pull its operations in China.
In a post on its Microsoft Security Response Center, director Mike Reavey said that a bug within Internet Explorer could allow hackers to remotely run programs on infected machines.
“Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks,” Reavey wrote.
“Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6 at this time,” Reavey said. “Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band.”
Reavey added that all companies should be more aware of potential security issues and make sure that their security software is up-to-date. “It is important to note that complex attacks targeting specific corporate networks are becoming more prevalent in the threat landscape, therefore organisations should follow defence-in-depth best practices, and deploy multiple layers of protection to improve their security posture,” he said.
Following the attacks, which targeted human rights activists and were believed to have originated in China, Google said that is was no longer willing to censor its search results in the country. The claim is likely to mean that Google’s entire Chinese operation will shut, as the Chinese government is very strict about what information its citizens can access online.