In January of 2011, a major security hole in Microsoft Internet Explorer was publicly posted. Today, Google issued a warning that this security hole was being “actively exploited.” This MHTML exploit apparently shows a “high level of sophistication.”
MHTML exploit in Internet Explorer
Google’s security warning, issued Monday morning, indicated that anyone using Google’s services through Internet Explorer was vulnerable to an attack. MHTML is a service that parses multiple HTML pages using MIME — Multipurpose Internet Mail Extensions. This code is often used to display e-mail and sign-in services. Most webpages have some kind of MIME encoding for web browsers to read. The exploit can reveal the information held in sign-in services to a hacker.
Known security exploit
This security exploit in Internet Explorer was first discussed in 2004. Over the last seven years, the exploit has been discovered and re-discovered several times. In January of 2011, Microsoft was called out for this security exploit yet again. The public discussion about this exploit pointed out that while it is possible to make use of the exploit, it would be difficult to do so. Microsoft has not yet released a permanent fix for this security exploit, though the company is offering a temporary fix until the issue can be solved. Google is also making fixes on its servers that will help minimize the attack. If you do use Microsoft Internet Explorer, installing the security fix is the first step toward ensuring your information is kept secure.
Google calls IE attack sophisticated
Google is not officially releasing information about which services or users appear to be targeted by the attacks. However, Google has said that the attacks do seem to be “very sophisticated” and follow the same trend as the attacks that targeted political activists in certain countries. Though not made by Google or Microsoft, many industry watchers have called out China as a possible perpetrator of the attacks. “State-supported” computer hacking has been an often-discussed issue, and attacks from one country targeted at another have been becoming more common. This particular attack may not be a state-sponsored hack, but it shows the importance of competing companies working together to ensure network security.