Одоогийн байдлаар Хятадаас үүсэлтэй халдлагад Google-тэй нийлээд АНУ-ын 34-н компани өртсөн гэдгийг мэргэжилтнүүд тогтоогоод байгаа юм байна. Энэ халдлагыг хэрэгжүүлэхэд Microsoft компанийн Internet Explorer веб хөтөчийн алдааг (өөр бусад аргын хажуугаар) ашигласан бөгөөд Microsoft компани үүнтэй холбогдуулан анхааруулга гаргажээ.

Microsoft Security Advisory (979352)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: January 14, 2010 | Updated: January 15, 2010
http://www.microsoft.com/technet/security/advisory/979352.mspx

Энэ анхааруулгын дагуу Microsoft Windows 2000 SP4 үйлдлийн систем дээр ажиллаж байгаа Internet Explorer 6 SP1 болон Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2(!) үйлдлийн систем дээр ажиллаж байгаа Internet Explorer 6, 7, 8(!) хувилбарууд цоорхойтой бөгөөд халдлагад өртөх боломжтой юм байна.

Өөрөөр хэлбэл, Microsoft Windows дээр Internet Explorer программын ямар ч хамаагүй хувилбар ашиглаж л байгаа бол халдлагад өртөх бүрэн боломжтой болчихоод байгаа юм байна.

Энэ цоорхойг Microsoft нөхөж хаатал Microsoft Internet Explorer веб хөтчийг ашиглахгуй байхыг ХБНГУ-ын Мэдээллийн аюулгүй байдлын төрийн албанаас (ойролцоо орчуулга) зөвлөсөн байна.

Kritische Sicherheitslьcke im Internet Explorer
BSI empfiehlt die vorьbergehende Nutzung alternativer Browser
Bonn, 15.01.2010
https://www.bsi.bund.de/cln_183/ContentBSI/presse/Pressemitteilungen/Sicherheitsluecke_IE_150110.html

In a statement issued today, the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

If you missed it, yesterday McAffee released a report outlining details of the cyber assault on Google () and around 20 other major technology companies. It specifically implicates a critical flaw in all versions of IE that allows hackers to “perform reconnaissance and gain complete control over the compromised system.” Microsoft has responded that it is developing an update to the vulnerability.

According to the statement from BSI, even running Internet Explorer () in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially Firefox (). This incident won’t help.

The full statement, translated via Google, is below:

Translated Statement from Germany

“In Internet Explorer, there is a critical yet unknown vulnerability. The vulnerability allows attackers to inject malicious code via a specially crafted Web page into a Windows () computer to infiltrate and set up. The last week became known hacker attack on Google and other U.S. companies has probably exploited the vulnerability.

Affected are the versions 6, 7 to 8 Internet Explorer on Windows systems XP, Vista and Windows 7 Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.

Running the Internet Explorer in ‘protected mode’ as well as disabling scripting Acitve Although more difficult to attack, but it can not completely prevented. Therefore, the BSI recommends to switch to the existence of a patch from Microsoft to an alternative browser.

Once the vulnerability has been closed, the BSI will provide information on its warning and information about public-CERT. Keep informed about the civic-CERT and the BSI warns citizens and small and medium enterprises from viruses, worms and vulnerabilities in computer applications. The expert analysis of the BSI around the clock, the security situation in the Internet and send alerts when action is needed and safety information via e-mail.”

http://mashable.com/2010/01/15/german-government-stop-using-internet-explorer/