Highly targeted, politically motivated attacks that affect all supported versions of Microsoft’s Windows operating system are being carried out on Google users, requiring the search giant to issue a bulletin warning those who use its services.
Attacks on Google users utilise an unpatched MHTML vulnerability that, although disclosed in January, allows attackers to steal sensitive information by exploiting the way Internet Explorer users on Windows parses MIME-formatted webpages, also allowing trusted websites to be spoofed and actions to be performed without authorisation.
Microsoft has issued atemporary fixbut it is unknown how long it will be until a full patch is released.
Google, worried that its users were at risk, issued a warning via itsOnline Security blog, stating that the company believed activists were the target of the attacks. Interestingly, the post noted that users of another popular social site (possibly Facebook, which will not confirm either way) were also being targeted:
We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosedMHTML vulnerabilityfor which an exploit was publicly posted in January 2011. Users browsing with the Internet Explorer browser are affected.
For now, we recommend concerned users and corporations seriously considerdeploying Microsoft’s temporary Fixitto block this attack until an official patch is available.
Google says that it has deployed “various server-side defences” to make the the MHTML vulnerability harder to exploit, adding that although the measures are in place, they cannot be guaranteed to be 100% reliable. With that in mind, the company is in contact with Microsoft to work on a solution for the issue.
Calling all Scaleup founders! Join the Soonicorn Summit on November 28 in Amsterdam.
Meet with the leaders of Picnic, Miro, Carbon Equity and more during this exclusive event dedicated to Scaleup Founders!
If you are an Internet Explorer user and want to make sure you are not vulnerable to the MHTML exploit, head to Microsoft’spatch pageand install the update.
Story byMatt Brian
Matt is the former News Editor for The Next Web. You can follow him on Twitter, subscribe to his updates on Facebook and catch up with him(show all)Matt is the former News Editor for The Next Web. You can follow him onTwitter, subscribe to his updates onFacebookand catch up with him onGoogle+.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
