Skip to main content
  1. Home
  2. Computing
  3. News

Internet Explorer Zero-Day Bug Used in Google Attack

By
internet-explorer-logo
Image used with permission by copyright holder

Microsoft has acknowledged a so-called zero-day vulnerability in Microsoft Internet Explorer was used in attacks on Google and 20 or more other companies doing business doing business in China. Microsoft’s notification about the flaw coincided with a public statement from computer security firm McAfee, describing the bug and how it was used to target Google and other corporate networks.

The flaw impacts all officially supported combinations of Microsoft’s Internet Explorer browser and Windows operating system, with the sole exception of using very-old Internet Explorer 5.01 on Windows 2000 Service Pack 4. That means that essentially anyone using Internet Explorer 6, 7, or 8 on Windows 2000 SP4, Windows XP, Windows Vista, Windows 7, and Windows Server is vulnerable to the problem, across both 32- and 64-bit versions of the operating systems.

Recommended Videos

Attackers—which VeriSign’s iDefense has identified as the Chinese government or agents thereof—exploited the flaw by sending messages to targeted Google employees, forged to look like they were from a trusted source. If a user clicked a malicious link in the message, the users’ computers were compromised, downloading and installing backdoor software that enabled attackers to gain complete control of the computer. Presumably, from there, attackers monitored computer usage and data in an effort to obtain passwords and other valuable information.

Related

McAfee is dubbing the attacks against Google and other companies’ operations in China “operation Aurora” because the word “Aurora” appears in file paths included in two of the malware binaries associated with the attack. The pathname would presumably have come from the attackers’ systems. McAfee describes “Operation Aurora” as a coordinated, highly targeted attack going after high profiled companies and their intellectual property, coordinated to take place while many employees were away on December holidays to maximize the amount of time the attack could operate. “All I can say is wow,” wrote McAfee CTO George Kurtz. “The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

Editors’ Recommendations

Topics
Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Internet Explorer’s slow death has finally come to an end
An Internet Explorer desktop icon.

Today, Microsoft is concluding the retirement and end-of-life support for its Internet Explorer browser.

This will finalize a months-long transition from Internet Explorer to Microsoft Edge. Edge has been the brand's primary browser since early 2020, which now comes as the default browser on new Windows devices.

Read more
Why nearly 50% of Windows 10 users still cling to Internet Explorer
Laptop running Internet Explorer.

In an unexpected development, it seems that many users just can't let Internet Explorer go. Although the browser is retiring, new research shows that up to 47% of Windows 10 devices still use Explorer as their browser.

Seeing as Microsoft has announced its retirement in 2020, users have been given plenty of time to move on to a different browser -- so why is it that so many still choose to stick with Explorer?

Read more
Upcoming Windows update will kill Internet Explorer for good
windows 10 june update will kill internet explorer for good poznan pol may 1 2021 laptop computer displaying logo

Internet Explorer is set to have its final end-of-life update on June 15. The Windows 10 update will be sent out to PCs after that date, disabling the browser and wiping it from devices.

While Microsoft has detailed its plans to retire Internet Explorer since May 2021, the Redmond, Washington company says the upcoming end-of-life update will disable the browser in a fashion that will redirect users to the Microsoft Edge browser when they try to access the feature.

Read more