Microsoft fixes browser flaw blamed for attack on Google that sought Chinese activists’ data

more images

more images

Microsoft fixes browser flaw used in Google breach

SEATTLE — Microsoft Corp. took the unsual step of issuing an unscheduled fix Thursday for security holes in its Internet Explorer browser that played a role in the recent computer attacks that led Google to threaten to leave China.

The updates are for all supported versions of Internet Explorer, from IE 5.01 up through the newest IE 8.

People who have their computers set to install security updates automatically will get the fix. PC users who don’t automatically get updates should go to www.microsoft.com/security to download the patch.

Microsoft said it learned of the problems last fall and was already planning to release the fixes in February. Last week, it confirmed that the attacks described by Google Inc. took advantage of the same flaw.

Hackers can lure people to Web pages containing malicious code, then exploit the browser flaw to take over their computers. Attackers in China may have used the flaw to break into e-mail accounts of human rights activists who oppose the Chinese government. Hackers may also have used this flaw, among others, to break into Google’s own networks and those of other large companies such as Yahoo Inc. and Juniper Networks Inc.

Microsoft seldom releases security patches outside its regular, once-a-month update cycle, but has been known to rush out patches for so-called “zero-day” exploits in which hackers attack a software hole before the company has a chance to find a fix. The last time Microsoft broke from its security update schedule was in July 2009.

On the Net:

www.microsoft.com/security