Google Users targeted with Windows Exploit


Recommended Posts

  Quote
Highly targeted, politically motivated attacks that affect all supported versions of Microsoft?s Windows operating system are being carried out on Google users, requiring the search giant to issue a bulletin warning those who use its services.

Attacks on Google users utilise an unpatched MHTML vulnerability that, although disclosed in January, allows attackers to steal sensitive information by exploiting the way Internet Explorer users on Windows parses MIME-formatted webpages, also allowing trusted websites to be spoofed and actions to be performed without authorisation.

Microsoft has issued a temporary fix but it is unknown how long it will be until a full patch is released.

Google, worried that its users were at risk, issued a warning via its Online Security blog, stating that the company believed activists were the target of the attacks. Interestingly, the post noted that users of another popular social site (possibly Facebook, which will not confirm either way) were also being targeted:

We?ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We?ve also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011. Users browsing with the Internet Explorer browser are affected.

For now, we recommend concerned users and corporations seriously consider deploying Microsoft?s temporary Fixit to block this attack until an official patch is available.

Google says that it has deployed ?various server-side defences? to make the the MHTML vulnerability harder to exploit, adding that although the measures are in place, they cannot be guaranteed to be 100% reliable. With that in mind, the company is in contact with Microsoft to work on a solution for the issue.

If you are an Internet Explorer user and want to make sure you are not vulnerable to the MHTML exploit, head to Microsoft?s patch page and install the update.

TNW

  On 13/03/2011 at 16:58, z0phi3l said:

Again who in their right mind would still be using IE?

Again who in their right mind would still be using Firefox ?

It's a shame that people feel the need to exploit an operating system to steal details and information from others. I hope everyone who runs Internet Explorer has the sense to download the patch, assuming Internet Explorer 9 did not come with it bundled. I am glad I don't use Internet Explorer for reasons like these. :/

  On 13/03/2011 at 17:09, xMP44x said:

It's a shame that people feel the need to exploit an operating system to steal details and information from others. I hope everyone who runs Internet Explorer has the sense to download the patch, assuming Internet Explorer 9 did not come with it bundled. I am glad I don't use Internet Explorer for reasons like these. :/

Because other browsers don't have problems like these? IE9 doesn't have it since you bring that up.

  On 15/03/2011 at 16:12, Growled said:

Moral of the story, be security aware always, and that includes being up to date on patching and using other secure software.

Actually I think this is a Zero Day that Microsoft hasn't patched yet.

But they do have a fixit tool available

http://support.microsoft.com/kb/2501696

Security Now episode 291

  Quote

Steve: Well, yes, we are just past our standard second Tuesday of the month. So Microsoft has actually a rather lean response this month. They fixed four different vulnerabilities, one which was critical in their media playback which affected all the recent OSes - XP, Vista, and Windows 7 - such that, if you went to a site that had a specially crafted malicious video, it could execute code on your machine. That they fixed.

The bad news is the zero-day exploit, which we have talked about recently, the so-called MHTML exploit - MHTML is sort of a pseudo protocol. In the same way that we have HTTP:, Microsoft defines MHTML: as a way to invoke MIME-encoded HTML. We talked about how that's used for archiving whole web pages, in the same way that MIME stands for Multipart, what is it, Multipart Internet Message Extension or something?

Leo: Yeah, something like that.

Steve: For allowing email to contain nontextual things, like photos and so forth, MIME is how you do that. Similarly, this is how Microsoft has their own proprietary format for storing an entire web page including all of its assets, its other photos and so forth. There's a problem with it such that, if you go to a website that invokes this protocol, similarly they're able to get their own code to run on your machine. Well, that didn't get fixed this Tuesday, and I was hoping it was because it is being actively exploited in the wild.

So I wanted to remind our listeners that there is a one-click easy Fixit button that Microsoft offers. If you go to go.microsoft.com, then ?linkid=9760419, that will take you to this page with the quick fix dealie that just disables that protocol. And probably everyone, I mean, it's one of those things that's on by default. It's got a problem in it that, if you don't know you need it, you probably don't. So, I mean, I immediately went there and just said, I don't need this, I'm turning it off. And had Microsoft fixed it a couple days ago, we'd probably be okay. But like these things, now that it's seen that Microsoft hasn't fixed it, we can expect more exploits to happen. So...

Leo: It's a "sit up and take notice" to hackers.

Steve: It's a problem, yes, exactly. They're saying, hey, we've got another month, probably. So let's jump on this. So more important to do that. So I don't know what you could Google to get there. It's MHTML exploit, but you can go to go.microsoft.com/?linkid=9760419.

Leo: And I get a download, immediate download when I go there. So you're getting a .msi file, an installer.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Seem like they are seeking for a one size fits all. You have power users and "what's a computer" generation growing up on phones, tablets, and Chromebooks.
    • Guessing it was profitable enough inserting prompted apps vs the hate it generated.
    • Also good for Debugging or troubleshooting your game.. i dont get it why nvidia app or amd does not show this data.. if steam can do it..
    • Microsoft reportedly planning to lay off thousands of employees, mostly in sales by Usama Jawad Back in May 2025, Microsoft decided to lay off 3% of its workforce, which amounted to roughly 6,000 employees. It claimed that this decision allowed it to implement better organizational changes in a "dynamic marketplace". Now, a new report claims that the Redmond tech firm is planning to lay off thousands more next month. Citing unnamed sources, Bloomberg reports that as the company continues investing heavily in its AI ventures, it is about to announce layoffs of thousands of workers as early as next month. This reduction in workforce will primarily affect sales teams, but they won't be the only ones affected. That said, the sources did mention that the timing for this announcement may change. This move, if true, won't be entirely surprising. In April 2025, Microsoft announced that it will be relying more on third-party firms to sell its software to small- and medium-sized customers. It's currently unclear how many employees will be impacted by this change, but even if the layoff percentage is in the single digits, it would still be significant as it would be impacting the professional careers of thousands. The May 2025 layoffs primarily impacted engineering and product teams. The other major round of layoffs prior to this was the decision to eliminate 10,000 jobs back in January 2023. Those represented 5% of the total workforce at that time, with numerous teams, including the one leading Mixed Reality (MR) efforts, being heavily impacted. It is interesting to note that if the timing of the announcement for layoffs is accurate, it would be soon after Microsoft closes its fiscal year at the end of June 2025. Although we'll get financial reports for the latest quarter soon after too, one has to wonder what the human cost of profit is, as Microsoft continues to report billions of dollars in revenue every quarter. Source: Bloomberg (paywall)
  • Recent Achievements

    • First Post
      Fuzz_c earned a badge
      First Post
    • First Post
      TIGOSS earned a badge
      First Post
    • Week One Done
      slackerzz earned a badge
      Week One Done
    • Week One Done
      vivetool earned a badge
      Week One Done
    • Reacting Well
      pnajbar earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      704
    2. 2
      ATLien_0
      285
    3. 3
      Michael Scrip
      214
    4. 4
      +FloatingFatMan
      194
    5. 5
      Steven P.
      131
  • Tell a friend

    Love Neowin? Tell a friend!