Microsoft has confirmed that a co-ordinated attack by cybercriminals on Google used a security weakness found in its Internet Explorer browser.
The flaw was exploited by hackers – reportedly based in mainland China – to steal intellectual property from Google and reportedly more than 20 other Silicon Valley-based companies in mid-December.
Aside from Google, software developer Adobe is so far the only company to reveal that it was affected by last year’s attack. Earlier this month, Adobe released a critical security patch for both its Reader and Acrobat software, which has led to suggestions that both of these programs may have been compromised.
Mike Reavey, director of Microsoft Security Response Center, confirmed the vulnerability in an official blog post following claims from security software vendor McAfee. “We have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks,” he said. Reavey added that Microsoft is currently working on a patch to correct the problem, but gave no indication of when it will be made public.
According to Google, the intention of the December strike was for hackers to gain access to Gmail accounts held by a number of campaigners for human rights in China.
Meanwhile, Microsoft chief executive Steve Ballmer has reassured investors that the company has no intention of following Google’s example and withdrawing from the Chinese market.