January 15, 2010

More details are beginning to emerge as the technology community further investigates hacks that originated in China that targeted Google and other corporations. Yesterday afternoon, Microsoft announced that a vulnerability in Internet Explorer was exploited as part of the hacks.From the Microsoft Security Response Center (MSRC):

Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer. Additionally, we are cooperating with Google and other companies, as well as authorities and other industry partners.

Microsoft reports that the scope of the threat appears to be limited to these targeted attacks, minimizing widespread customer impact.

From the MSRC:

It is important to note that complex attacks targeting specific corporate networks are becoming more prevalent in the threat landscape, therefore organizations should follow defense-in-depth best practices, and deploy multiple layers of protection to improve their security posture. In addition, Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user's machine. Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.