Security Patch Follows Google Attack

Microsoft has announced it will release a security patch for Internet Explorer aimed at fixing the vulnerability that enabled a hacker to attack the networks of Google and dozens of other companies.

Google reported last week that the attack, originating inside China, compromised some of its intellectual property. Gmail accounts belonging to several Chinese human-rights activists as well as journalists working in the country were also accessed.

As the Seattle Post-Intelligencer reported on its Microsoft blog Wednesday, users who have automatic updates enabled don’t have to do anything to obtain the patch. For those who don’t have such automatic settings, Microsoft recommends they install the patch as soon as possible.


Microsoft has said that a previously unknown flaw in the IE 6 operating system provided an opening for the China hackers. Dave Marcus, director of security research and communications at the McAfee security company, said the problem intensified last week when the malware code used in the attack became publicly available. PC World reported that “a hacker could use the code to run unauthorized software on a victim’s computer by tricking them into viewing a maliciously crafted Web page.”

The cyber-attack, which occurred late last year, has prompted Google to talk of abandoning its operations in China, which is one of the world’s largest – and most lucrative – online markets. The country has 384 million Internet users, accounting for one-fifth of the global online audience of 1.73 billion, according to the Financial Times.


Google opened up shop in China in 2006, and rationalized its decision to censor the search results on www.Google.cn (purging references to democratic Taiwan, for example) by saying some information was better than none.

But the strategy has backfired, some free-information advocates say, as China has developed its own Internet ecosystem – one that has much different rules than those to which the West is accustomed. A legion of hackers called the Hong Ke (“red visitors”) who are fiercely patriotic and possibly aligned with the Chinese government routinely attack large corporations, Reuters reported.


The revelation that IE, not Google’s own Chrome operating system, provided the mouse hole for the attackers, has brought out critics and defenders of Microsoft’s flagship browser. Both Germany and France urge users to drop it, but PC World’s Tom Bradley says says such reactions are “shortsighted and may create a false sense of security,” noting that there could be other flaws in other browsers out there.

“There is a fair chance that Internet Explorer is not alone in enabling the attacks,” he wrote.