Patch arrives for IE hole targeted by Chinese

Yardena arar
By Yardena Arar

As of this writing, Microsoft is scheduled to release on Jan. 21 an update that fixes the Internet Explorer vulnerability behind the recent, highly publicized cyberattacks on Google and other major corporations.

The sophisticated “Aurora” exploit is delivered through common file attachments or links — typically in e-mail or other messages that appear to come from trusted sources — but proven security measures and a little common sense can negate all such threats.

The first reports of the cyberattacks that prompted Google to threaten withdrawal from China were alarming indeed. So was Microsoft’s first official response, in MS security bulletin 979352, which described the scope of the newly discovered IE vulnerability.

The flaw permits remote code execution by what Microsoft describes as a “specially crafted attack” that affects most versions of Internet Explorer:

  • IE 6 SP1 on Windows 2000 SP4

  • IE 6, 7, and 8 on Windows XP, Vista, Windows 7, Windows Server 2003, and Windows Server 2008 and Server 2008 R2
Not vulnerable, according to the security bulletin, is Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 10, Windows 8, Windows 7, Firefox, Internet Explorer, Google, etc. Join our 460,000 subscribers!

Enter your email above to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.
The Windows 7, Vol 3 (Excerpt)

Subscribe and get our monthly bonuses - free!

The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2010-01-21:

Yardena Arar

About Yardena Arar

Yardena Arar has written about technology for the New York Times, the Canadian Press, the Associated Press, and the Los Angeles Daily News. She was an editor at PC World magazine from 1996 to 2009, and is now a PC World contributing editor.