Another unofficial patch has been released to counter a
critical flaw in Microsoft’s Internet Explorer
browser.
Microsoft is working on a patch which is expected on 11 April at
the latest, but eEye Digital Security issued a temporary patch
earlier this week, and now fellow internet security company
Determina has followed suit.
Both unofficial patches combat an exploit in the wild that takes
advantage of a security hole in the IE browser disclosed last
week.
The unofficial patches block access to a vulnerable component in
IE, preventing malicious websites from taking advantage of the
vulnerability.
While it works on a patch, Microsoft advises users to disable
active scripting in their browsers. eEye recommends that users only
use its patch if they cannot disable active scripting, as does
Determina.
Microsoft is expected to have an official patch on 11 April at
the latest, as part of Microsoft scheduled security patching
cycle.
Microsoft may, however, release a patch earlier if the critical
threat widens. The vulnerability relates to the way IE handles the
"createTextRange()" tag in web pages.
Security company Websense has so far discovered more than 200
malicious websites that exploit the flaw, meaning users that visit
them could inadvertently open up their machines to remote
attackers.
Microsoft does not recommend that users download the unofficial
patches. It warns that the patch may affect the normal working of
other Windows and IE components on their systems.