Unofficial patch issued for critical IE browser flaw


Unofficial patch issued for critical IE browser flaw

Antony Savvas

Users desperate to defend themselves against the latest Internet Explorer security threat can install an unofficial patch to deal with the problem, as Microsoft struggles to issue one.

EEye Digital Security released the temporary fix yesterday, which combats an exploit in the wild that takes advantage of a security hole in the browser disclosed last week.

The unofficial patch blocks access to a vulnerable component in IE, preventing malicious websites from taking advantage of the vulnerability.

While it works on a patch, Microsoft advises users to disable active scripting in their browsers. EEye recommends that users only use its patch if they cannot disable active scripting.

The security company said its patch was not meant as a replacement for the official patch, just a temporary fix until the official one arrives – expected on 11 April at the latest, as part of Microsoft scheduled security patching cycle.

Microsoft may, however, release a patch earlier if the critical threat widens. The vulnerability relates to the way IE handles the "createTextRange()" tag in web pages.

Security company Websense has so far discovered 200 malicious websites that exploit the flaw, meaning users that visit them could inadvertently open up their machines to remote attackers.

Microsoft does not recommend that users download the eEye digital patch, however, as it says it may affect the usual working of other Windows and IE components on their systems.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy