Microsoft has released an update that fixes the Internet Explorer vulnerability behind the recent, highly publicized cyberattacks on Google and other major corporations.
The sophisticated “Aurora” exploit is delivered through common file attachments or links — typically in e-mail or other messages that appear to come from trusted sources — but proven security measures and a little common sense can negate all such threats.
The first reports of the cyberattacks that prompted Google to threaten withdrawal from China were alarming indeed. So was Microsoft’s first official response, in MS security bulletin 979352. To know more about the IE vulnerability, visit:
The flaw permits remote code execution by what Microsoft describes as a “specially crafted attack” that affects most versions of Internet Explorer:
IE 6 SP1 on Windows 2000 SP4
IE 6, 7, and 8 on Windows XP, Vista, Windows 7, Windows Server 2003, and Windows Server 2008 and Server 2008 R2
You can download the patch from the security bulletin from the below link:
Security analysts and Microsoft agree that the attacks have a high social-engineering component: the targeted victims have to trigger the attacks by clicking a link or infected attachment (commonly an Adobe PDF or Flash file) delivered in e-mail, instant messages, or other electronic communication appearing to come from a trusted source.