Google has strengthened its Desktop Search tool so that it cannot be used any longer by hackers who are exploiting an unpatched vulnerability in Microsoft’s Internet Explorer software.
Last week, Matan Gillon, an Israeli security researcher, reported that he had found a way to use an Internet Explorer vulnerability in conjunction with Google Desktop Search to penetrate Windows PCs and obtain personal information from them.
Google has made a correction to its Desktop Search service so that it cannot be used any longer in conjunction with the remote attack.
“Even though Internet Explorer is the root cause of the vulnerability, Google’s changing its Desktop Search so that it was no longer remotely accessible though the vulnerability in IE was the responsible thing for Google to do,” said Gartner Research vice president Neil MacDonald. “This will protect Google’s Desktop Search users until Microsoft addresses the root cause issue.”
Because Microsoft and Google compete for desktop search capabilities, said MacDonald, the negative publicity was not good for Google. But, rather than take a black eye for what fundamentally is a problem with Internet Explorer, Google has fixed the problem directly, he noted.
“This still leaves open other CSS-based attacks on other products as long as the vulnerability in IE remains,” he said. “Now the ball is back in Microsoft’s court where it should have been from the beginning.”
“Google was able to address the problem quickly because it didn’t require changing any code at the user’s desktop,” MacDonald said. “Google applied more stringent security controls on its main site, which shut down the exploit.”