Microsoft fixes browser flaw used in Google breach
By JESSICA MINTZ, AP Technology Writer Jessica Mintz, Ap Technology Writer
SEATTLE – Microsoft Corp. took the unsual step of issuing an unscheduled fix Thursday for security holes in its Internet Explorer browser that played a role in the recent computer attacks that led Google to threaten to leave China.
The updates are for all supported versions of Internet Explorer, from IE 5.01 up through the newest IE 8.
People who have their computers set to install security updates automatically will get the fix. PC users who don't automatically get updates should go to http://www.microsoft.com/security to download the patch.
Microsoft said it learned of the problems last fall and was already planning to release the fixes in February. Last week, it confirmed that the attacks described by Google Inc. took advantage of the same flaw.
Hackers can lure people to Web pages containing malicious code, then exploit the browser flaw to take over their computers. Attackers in China may have used the flaw to break into e-mail accounts of human rights activists who oppose the Chinese government's policies.
Microsoft seldom releases security patches outside its regular, once-a-month update cycle, but has been known to rush out patches for so-called "zero-day" exploits in which hackers attack a software hole before the company has a chance to find a fix. The last time Microsoft broke from its security update schedule was in July 2009.
On the Net: