Internet Explorer flaw being used in online attacksMarch 12, 2011 - 11:33 AMT PanARMENIAN.Net - An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks. The flaw, which has not yet been patched, has been used in "limited, targeted attacks," Microsoft said in an update to its security advisory on the issue. Google concurred, and offered a few more details. "We've noticed some highly targeted and apparently politically motivated attacks against our users," Google said in blog post. "We believe activists may have been a specific target. We've also seen attacks against users of another popular social site." According to the IDG News Service, the attack is triggered when the victim is tricked into visiting a maliciously encoded Web page - what's known as a Web drive-by attack. It gives the attacker a way of hijacking the victims browser and accessing Web applications without authorization. The flaw lies in the Windows mshtml.dll software library used by Internet Explorer, and affects all currently supported versions of Windows. Microsoft has released a Fixit tool that users can download to repair the problem, but has not said when, or even if, it plans to push out a comprehensive security update to all users. The bug has been a bone of contention between Google and Microsoft. On January 1, Google engineer Michal Zalewski released a hacking tool that could be used to find the bug, along with some technical details, saying that he was concerned that Chinese hackers may have already discovered the problem. He said that he warned Microsoft about the flaw back in July. Microsoft maintains that it was unable to reproduce the problem until December. Google isn't saying who exactly was targeted in this latest incident, but Chinese activist groups have been the focus of cyber attacks in the past. Now that the flaw is being exploited in attacks, the pressure is mounting on Microsoft to produce a reliable patch for the issue that can be pushed out to hundreds of millions of customers. "For now, we recommend concerned users and corporations seriously consider deploying Microsoft's temporary Fixit to block this attack until an official patch is available," Google said.   Top stories Yerevan will host the 2024 edition of the World Congress On Information Technology (WCIT). Rustam Badasyan said due to the lack of such regulation, the state budget is deprived of VAT revenues. Krisp’s smart noise suppression tech silences ambient sounds and isolates your voice for calls. Gurgen Khachatryan claimed that the "illegalities have been taking place in 2020."   Partner news Most popular in the section |  Latest news Titus, Bilirakis lead legislation to sanction Azerbaijani war criminals  Representatives Dina Titus (D-NV) and Gus Bilirakis (R-FL) have introduced the bipartisan legislation.Azerbaijan must respect human rights, Scholz tells Aliyev German Chancellor Olaf Scholz has called for greater respect for human rights in Azerbaijan.Armenia: Defense Ministry warns against involving army in political processes The Ministry’s statement came after a video surfaced online, showing soldiers joining the protests in Tavush.Scholz hopes Armenia-Azerbaijan peace treaty will be signed this year German Chancellor Olaf Scholz hopes that a peace treaty between Armenia and Azerbaijan will be signed this year. |
