Google Users targeted with Windows Exploit


Recommended Posts

  Quote
Highly targeted, politically motivated attacks that affect all supported versions of Microsoft?s Windows operating system are being carried out on Google users, requiring the search giant to issue a bulletin warning those who use its services.

Attacks on Google users utilise an unpatched MHTML vulnerability that, although disclosed in January, allows attackers to steal sensitive information by exploiting the way Internet Explorer users on Windows parses MIME-formatted webpages, also allowing trusted websites to be spoofed and actions to be performed without authorisation.

Microsoft has issued a temporary fix but it is unknown how long it will be until a full patch is released.

Google, worried that its users were at risk, issued a warning via its Online Security blog, stating that the company believed activists were the target of the attacks. Interestingly, the post noted that users of another popular social site (possibly Facebook, which will not confirm either way) were also being targeted:

We?ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We?ve also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011. Users browsing with the Internet Explorer browser are affected.

For now, we recommend concerned users and corporations seriously consider deploying Microsoft?s temporary Fixit to block this attack until an official patch is available.

Google says that it has deployed ?various server-side defences? to make the the MHTML vulnerability harder to exploit, adding that although the measures are in place, they cannot be guaranteed to be 100% reliable. With that in mind, the company is in contact with Microsoft to work on a solution for the issue.

If you are an Internet Explorer user and want to make sure you are not vulnerable to the MHTML exploit, head to Microsoft?s patch page and install the update.

TNW

  On 13/03/2011 at 16:58, z0phi3l said:

Again who in their right mind would still be using IE?

Again who in their right mind would still be using Firefox ?

It's a shame that people feel the need to exploit an operating system to steal details and information from others. I hope everyone who runs Internet Explorer has the sense to download the patch, assuming Internet Explorer 9 did not come with it bundled. I am glad I don't use Internet Explorer for reasons like these. :/

  On 13/03/2011 at 17:09, xMP44x said:

It's a shame that people feel the need to exploit an operating system to steal details and information from others. I hope everyone who runs Internet Explorer has the sense to download the patch, assuming Internet Explorer 9 did not come with it bundled. I am glad I don't use Internet Explorer for reasons like these. :/

Because other browsers don't have problems like these? IE9 doesn't have it since you bring that up.

  On 15/03/2011 at 16:12, Growled said:

Moral of the story, be security aware always, and that includes being up to date on patching and using other secure software.

Actually I think this is a Zero Day that Microsoft hasn't patched yet.

But they do have a fixit tool available

http://support.microsoft.com/kb/2501696

Security Now episode 291

  Quote

Steve: Well, yes, we are just past our standard second Tuesday of the month. So Microsoft has actually a rather lean response this month. They fixed four different vulnerabilities, one which was critical in their media playback which affected all the recent OSes - XP, Vista, and Windows 7 - such that, if you went to a site that had a specially crafted malicious video, it could execute code on your machine. That they fixed.

The bad news is the zero-day exploit, which we have talked about recently, the so-called MHTML exploit - MHTML is sort of a pseudo protocol. In the same way that we have HTTP:, Microsoft defines MHTML: as a way to invoke MIME-encoded HTML. We talked about how that's used for archiving whole web pages, in the same way that MIME stands for Multipart, what is it, Multipart Internet Message Extension or something?

Leo: Yeah, something like that.

Steve: For allowing email to contain nontextual things, like photos and so forth, MIME is how you do that. Similarly, this is how Microsoft has their own proprietary format for storing an entire web page including all of its assets, its other photos and so forth. There's a problem with it such that, if you go to a website that invokes this protocol, similarly they're able to get their own code to run on your machine. Well, that didn't get fixed this Tuesday, and I was hoping it was because it is being actively exploited in the wild.

So I wanted to remind our listeners that there is a one-click easy Fixit button that Microsoft offers. If you go to go.microsoft.com, then ?linkid=9760419, that will take you to this page with the quick fix dealie that just disables that protocol. And probably everyone, I mean, it's one of those things that's on by default. It's got a problem in it that, if you don't know you need it, you probably don't. So, I mean, I immediately went there and just said, I don't need this, I'm turning it off. And had Microsoft fixed it a couple days ago, we'd probably be okay. But like these things, now that it's seen that Microsoft hasn't fixed it, we can expect more exploits to happen. So...

Leo: It's a "sit up and take notice" to hackers.

Steve: It's a problem, yes, exactly. They're saying, hey, we've got another month, probably. So let's jump on this. So more important to do that. So I don't know what you could Google to get there. It's MHTML exploit, but you can go to go.microsoft.com/?linkid=9760419.

Leo: And I get a download, immediate download when I go there. So you're getting a .msi file, an installer.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • It's weird how some people don't know how to read the article... "If you remember the tests SpaceX was performing around 2012 with Grasshopper, well Honda is at about the same stage with its reusable rocket."
    • Microsoft Project 2021 Professional for Windows now just $9.97 by Steven Parker Today's highlighted deal comes from our Apps & Software section of the Neowin Deals store, where you can save $240 off Microsoft Project 2021 Professional for Windows. Be the boss of any project with Microsoft Project Professional 2021. This powerful yet easy-to-use app lets you stay on track, from small tasks to larger projects. Manage your projects more efficiently with the right timelines, budgets, and resources. You'll get automated scheduling tools as well as built-in reports to help you reduce inefficiencies and make better, informed decisions. Project management has never been this easy with Microsoft Project Pro. Lifetime license for Microsoft Project Professional 2021 One-time purchase installed on 1 Windows PC for use at home or work Instant Delivery & Download – access your software license keys and download links instantly Free customer service – only the best support! Why Microsoft Project Professional 2021? Pre-built templates help you get your project started on the right track Sync with Project Online and Project Server Submit timesheets to capture time spent on project and non-project work Run what-if scenarios to make the most of your task assignments Auto-populate start and end dates based on dependencies Visually represent complex schedules with built-in multiple timelines Supports Long-Term Servicing Channel (LTSC) and is compatible with Office LTSC and Office 2021 Good to know Length of access: lifetime Redemption deadline: redeem your code within 30 days of purchase Access options: desktop Max number of device(s): 1 Version: 2021 Pro Updates included Microsoft Project 2021 Professional for Windows normally costs $249.99, but it can be yours for just $14.97 for a limited time, that's a saving of $235. For terms, specifications, and license info please click the link below. Use MSO5 when checking out for additional $5 off. Coupon Expires June 29 Get Microsoft Project 2021 Professional for Windows for just $9.97, or learn more Although priced in U.S. dollars, this deal is available for digital purchase worldwide. We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.
    • Weird how some people don't need to crash 7 rockets before they get it right.
    • Or it's a bug that can easily be fixed with an update. My guess is the limitation is there to prevent game makers from doing dumb things like having a racing game constantly rumble while the car is in motion. Sounds like the threshold or detection needs to be tweaked if it is triggering for no reason.
    • Nice I guess. Azure's DaaS feature has supported that for years. It's so odd to me how MS is deploying Azure and 365 DaaS as two totally different services with different features. I would think the 365 cloud desktops would just be a slightly dumbed down frontend that manages the same service.
  • Recent Achievements

    • Week One Done
      slackerzz earned a badge
      Week One Done
    • Week One Done
      vivetool earned a badge
      Week One Done
    • Reacting Well
      pnajbar earned a badge
      Reacting Well
    • Week One Done
      TBithoney earned a badge
      Week One Done
    • First Post
      xuxlix earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      676
    2. 2
      ATLien_0
      286
    3. 3
      Michael Scrip
      224
    4. 4
      +FloatingFatMan
      197
    5. 5
      Steven P.
      137
  • Tell a friend

    Love Neowin? Tell a friend!