Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft hustles, patches IE to ward off increasing attacks

Gregg Keizer | Sept. 24, 2012
Microsoft today released an emergency patch for Internet Explorer to stymie active attacks that have been exploiting a bug in the browser, finishing a job it started only Monday.

Aurora was notable because of its targets: Hackers broke into Google's network, and those of other Western companies, in late 2009 and early 2010 by exploiting a zero-day bug in IE6. Google accused Chinese hackers of the attacks, a charge that prompted the search giant to threaten a shutdown of its Chinese operations.

Because IE10 was not affected by the recent zero-day vulnerability, Storms suspected that Microsoft may have known of the flaw before it publicly surfaced. That would go a long ways in explaining the speed with which it fixed the bug.

"On one hand, it may show just what they can do in a limited time after saying they had increased resources of the IE security team," said Storms of the Microsoft announcement in July. "Or, since we know it was fixed in IE10, they may have had the background work already done [on other editions]. Unless they come out and tell us, though, we'll never know [which is accurate]."

Windows users can obtain MS12-063 via the Microsoft Update and Windows Update services, as well as through the enterprise-grade WSUS (Windows Server Update Services).

 

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.