IE patch for the Google (+33) attack coming, out of cycle
Microsoft announced today that it will issue an out-of-cycle patch for the Internet Explorer (IE) flaw that was central to the cyberattacks on Google and 33 other Silicon Valley companies.
(Note added January 20, 2010: Microsoft announced today that it will release a patch to fix this latest hole in IE, on Thursday. An exploit has been published on the Internet since last week. Microsoft plans to release the patch as close to 10 AM PST on Thursday as possible and host a public webcast at 1 PM PST, according to the security advisory. Microsoft recommends “that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.” Microsoft updated its security advisory on the vulnerability to include technical details to address additional products that may be affected by this vulnerability and to provide guidance related to reports of proof of concept code that bypasses the Data Encryption Protection that can mitigate against attacks. McAfee announced today the availability of a fee tool that people can use to detect and remove any malware related to “Operation Aurora,” which is the name that they gave to the attacks on Google and the other companies. According to CNET,
“The “Aurora Stinger” tool from McAfee also includes a link to the cloud-based McAfee Global Threat Intelligence, McAfee Chief Technology Officer George Kurtz said in a blog post. “This means it will also pick up on newly discovered variants in real time without requiring an update to the signature files that come with the tool,” he said.”
Good to hear from you again, Ms. Mills!)
The vulnerability affects IE 6, 7, and 8, although Microsoft has stated that attacks have been successful only on systems running IE 6. Microsoft had advised IE users to upgrade to IE 8 
to protect themselves against the attacks. The French and German governments have warned computer users in their countries to avoid using Internet Explorer until Microsoft patches the vulnerability.
Researchers from Vupen Security reported that the technology designed to mitigate attack in IE 8 can be bypassed. According to CNET, a Microsoft spokesperson said:
Microsoft did not provide a date for the patch but will elaborate on Wednesday. (See above.)
(Update added January 22, 2010: Microsoft released a “cumulative critical” patch for the “Google attack” flaw in IE yesterday, along with seven other “holes” in IE. )
You can download a version of Firefox [Mac or PC] in an International edition that “speaks your language” here. You can download versions of Safari for Mac or PC here. (Not endorsements….) (Note added January 22, 2010: With the release of the cumulative critical patch above, such downloads are not “strictly necessary” anymore, they are just good ideas.)
-Bill at
Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”
You can view higher-resolution photos (*generally* 7-30 megabytes, compressed) at the Cheshire Cat Photo™ Pro Gallery on Shutterfly™, where you can also order prints and gifts decorated with the photos of your choice from the gallery. Apparel and other gifts decorated with some of our most popular photos can be ordered from the Cheshire Cat Photo™ Store on CafePress®. Both Shutterfly™ and CafePress® ship to most international locations worldwide! Framed prints and prints on canvas can be ordered from our galleries on imagekind® and redbubble®. All four locations are accessible from here. If you don’t see what you want or would like to receive an email when new photos are up on the site, send us an email at info@cheshirecatphoto.com.
©2010 William F. Hackett. All Rights Reserved.
