Knowledge's Blog

All browsers greedily suck up processor and RAM resources, slowing and even stalling PCs — but you can help put an end to your browser’s piggish ways.

Last week’s cyber attacks, that targeted Google and several other large U.S. companies, has certainly gotten Microsoft’s attention. The attack was orchestrated, in part, through a zero-day flaw in Internet Explorer (IE). The flaw seems to be obscure, and restricted to IE 6 and IE 7, but that hasn’t stopped Microsoft from releasing an out-of-cycle patch for IE.

Microsoft has acknowledgde the flaw, and says the “vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”

Microsoft, in an announcement posted today, says the confusion surrounding this particular attack has compelled Microsoft to act now. Microsoft’s primary advice: upgrade to IE 8, which is not affected by this flaw. If you don’t plan to upgrade, then updates for earlier versions will be made available, with specific timing of the updates to be announced tomorrow. In the meantime, Microsoft suggests using the workarounds and mitigations provided in Security Advisory 979352.

A critical zero-day flaw in Internet Explorer was exploited as part of the attack on Google and other companies, according to both Microsoft and McAfee.

The flaw allows for a Web-based attack against IE 6 SP 1 on Windows 2000, along with IE 7 and 8 on XP, Server 2003, Vista, Server 2008, Windows 7 and Windows Server 2008 R2. According to Microsoft’s security advisory, the company has only seen active attacks against IE 6 so far.

Those attacks were part of the campaign against Google, Adobe and other major companies that sought to break into the Gmail accounts of Chinese human rights activists. In response, Google has threatened to stop censoring search results on its Google.cn site, or to shut it down entirely.

The invalid pointer reference flaw allows for remote code execution, according to Microsoft, which means that viewing a malicious Web site could allow an attacker to execute any command on a vulerable computer. Typically that would mean installing a Trojan or other malicious software. According to the bulletin, IE’s Protected Mode on Vista and later versions of Windows mitigates the threat, which could also be leveraged by a banner ad.

Setting IE’s Internet zone security to high will protect against the threat, according to Microsoft, as of course would using an alternate Web browser. Redmond says it may release an out-of-band patch for this threat outside of the normal monthly patch cyle.

Also, while antivirus maker McAfee warns that “there very well may be other attack vectors that are not known to us at this time,” the company says that its investigations into the attacks “have not shown a vulnerability in Adobe Reader being a factor in these attacks.” According to McAfee’s analysis, the malware that hit the IE flaw opens a back door on victim PCs, which allowed the attackers to take complete control. (Note: the link provided by McAfee for its post is not currently responding.)

SAN FRANCISCO – China’s government gave little indication Thursday that it’s willing to loosen its control over Internet search results, pushing Google Inc. closer to the brink of closing up shop and leaving the country.

In the government’s first official statement since Google issued its ultimatum two days earlier, a Chinese official endorsed the country’s current rules governing Internet content.

“China’s Internet is open,” said Jiang Yu, a foreign ministry spokeswoman. “China welcomes international Internet enterprises to conduct business in China according to law.”

Google is still hoping that it can persuade the Chinese government to agree to changes that would enable its China-based search engine to show uncensored search results. “We are optimists,” Google spokesman Scott Rubin said.

If a compromise isn’t worked out within the next few weeks, the company intends to shut down its search engine at Google.cn and pull out of China completely. Rubin said Google hasn’t set a deadline for breaking the impasse.

Google has been in touch with the Chinese government to alert officials about its plans, but Rubin didn’t know whether the two sides have scheduled additional meetings yet. Click here to read more.. »

Security firm McAfee said today that the recent China-based attack on Google and other companies was the result of a new security hole in Internet Explorer. McAfee says the vulnerability is not publicly known, but they have informed Microsoft and expects them to take action soon. So a Microsoft product could be the indirect cause of Google pulling out of China. This must be Microsoft’s favorite software vulnerability ever.

McAfee’s George Kurtz wrote on the companies official blog, “These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.” Kurtz was also careful to point out that they have only confirmed that Internet Explorer was a vector of attack; there could have been others.

Further, McAfee says they have cleared Adobe Reader of involvement in the attacks. This comes after several reports implicated the oft exploited software suite.

Plus: A massive Microsoft patch batch, and fixes for Adobe Reader and Acrobat.

Redmond turned red-faced upon learning that an automatically installed Microsoft Windows Presentation Foundation plug-in for Firefox opened a major security hole. Following Microsoft’s disclosure of the bug, Mozilla blocked the plug-in. According to Mozilla, Microsoft agreed with the move, even though it had released a patch to close the underlying flaw.

Simultaneously,The move coincided with Mozilla’s launch of a new Plugin Check page designed to identify and update old and vulnerable plug-ins. The page checks only certain popular plug-ins right now, but it’s a simple and handy security tool.

And to top off your Mozilla updates, be sure to pick up the Firefox 3.0.15 or 3.5.5 updates. These new versions close holes that mightcan allow JavaScript and other attacks. Click Help, Check for Up­­dates to ensure that you have the latest version. Click here to read more.. »