Skip to content


Behind the Google attacks

Internet Explorer logoApparently the method used in compromising the Google emails last week (termed Aurora) was traced to an as yet unknown security hole in Internet Explorer.  Microsoft claims that the security flaw is limited to Internet Explorer 6 and Windows XP only and very unlikely under Windows Vista or Windows 7, however  experts, including McAfee disagree with Microsoft’s threat assessment.

http://www.mcafee.com/us/threat_center/aurora_enterprise.html

http://www.betanews.com/joewilcox/article/Should-you-dump-Internet-Explorer-NOW/1263750606

http://news.bbc.co.uk/2/hi/technology/8465038.stm

Even if you take Microsoft’s claim at face value, XP must be SP3 or later and Vista SP1, assuming the user didn’t disable Data Execution Prevention (DEP). Furthermore, DEP is not a panacea against memory buffer overflow attcks, as stated here:

http://www.microsoft.com/windows/internet-explorer/readiness/developers-existing.aspx

McAfee has so far explored only one of the attach vectors exploited in the Aurora attack.  There may be, and likely are, more which we don’t know about, yet, and in fact those vectors may extend to Firefox, Opera and Chrome.  We just don’t know yet.

Microsoft will likely come up with an out-of-band patch shortly.  Until then, I am recommending using Firefox (all patched up, of course).

Experts, including the citation in my original message and McAfee disagree
with Microsoft's threat assessment.

http://www.mcafee.com/us/threat_center/aurora_enterprise.html

XP must be SP3 or later and Vista SP1, assuming the user didn't disable
Data Execution Precention (DEP). Furthermore, DEP is not a panacea against
memory buffer overflow attcks, as stated here:

http://www.microsoft.com/windows/internet-explorer/readiness/developers-existing.aspx

McAfee has so far explored only one of the attach vectors exploited in the
Aurora attack.  There may be, and likely are, more which we don't know
about, yet, and in fact those vectors may extend to Firefox, Opera and
Chrome.  We just don't know yet.

Microsoft will likely come up with an out-of-band patch shortly.  Until
then, I am recommending using Friefox (all patched up, of course).

Posted in Microsoft, Security, Windows.


One Response

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Continuing the Discussion

  1. Microsoft Releases IE Patch for Aurora Vulnerability | Tech News linked to this post on 01/21/2010

    […] Today, Microsoft released a patch (KB978207) to address the IE security hole discovered after the Google attacks of last week.  Interestingly, if you notice the patch isn’t just for IE6, but also IE7 and IE8, as discussed in our previous post. […]