Skip to main content

IE flaws may be responsible for state-sponsored Gmail hacks

Earlier this month, Google said it would issue security warnings about state-sponsored attacks to a "subset" of its users. The search giant declined to go into detail about the need for such warnings, but a new report suggests that they might be tied to a flaw that's exploited via Internet Explorer.

Microsoft this week warned of a vulnerability that "could allow remote code execution if a user views a specially crafted webpage using Internet Explorer." According to ZDNet, this flaw prompted Google's state-sponsored attack warnings.

A Google spokesman declined to comment on the Microsoft warning, and pointed to the company's earlier blog post.

In a statement, Yunsun Wee, director of Microsoft Trustworthy Computing, said the company "released a Fix it in Security Advisory 2719615 as a safe, easily applied workaround to help protect customers from attackers attempting to exploit the MSXML issue through Internet Explorer."

"The vulnerability does not reside in IE but because the browser may be used as an attack vector, Microsoft encourages customers to apply the workaround to their browsers until we release a security update," Wee continued.

The warnings from Google appear in a bar atop Google's services; an example screen shot was attached to Gmail. Google said at the time that it couldn't "go into the details without giving away information that would be helpful to these bad actors," but said that its warnings were based on "detailed analysis-as well as victim reports."

According to the Microsoft security advisory, the vulnerability is most likely spread via a phishing attack.

"An attacker would have no way to force users to visit such a website," Microsoft said. "Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website."

Anyone who successfully used this hack would be able to "gain the same user rights as the logged on user," Microsoft said, with admins likely being affected more than the average PC user.

A year ago, Google discovered that a number of its Gmail account user names and passwords of personal accounts belonging to senior government officials, activists, and journalists, had been compromised.

That came after Google said in January 2010 there were attempts to hack into the Gmail accounts of Chinese human rights activists. At the time, Google pledged to no longer censor search results in China, even if that meant pulling out of the country entirely, and re-routed all traffic to the uncensored Unsurprisingly, a Chinese minister warned of "consequences" if Google continued redirecting its results. Finally, the two parties settled on a hybrid solution.

Problems in the region remain, however. Earlier this month, Google announced that it will display warnings to Search users in mainland China when their query is likely to result in an error beyond the search giant's control.