News

Downloads of unofficial IE fix hit 95,000

So far 95,000 Internet Explorer users have downloaded an unofficial patch to fix a critical security flaw in the browser.

The patch was issued by eEye Digital Security earlier this week when exploit code for the IE flaw started to appear on the internet.

Rival intrusion detection firm Determina followed suit and also issued its own unofficial patch
.
Both patches are not sanctioned by Microsoft, which is still working on its own official fix. It is not known how many users have so far downloaded the Determina patch.

The Microsoft patch is expected to be issued by 11 April at the latest, which is the company’s scheduled security patching date. But because the threat of the flaw is increasing, the company said it has not ruled out releasing a fix earlier.

Microsoft does not sanction the use of unofficial patches, as it says they could potentially affect the way other IE and Windows components usually work.

The vulnerability is found in the way IE processes "createTextRange()" JavaScript, and is currently being exploited by hundreds of malicious websites which are trying to tempt users with rogue e-mail links.

Internet security company Websense has warned users to be on the look out for spoof e-mails pertaining to be from the BBC, which have web links carrying users to malicious sites.

Users think they are being taken to a news story, but once there they are infected with a Trojan virus and key-logging software.

In addition to the critical flaw that has made it into the wild, Microsoft is also considering two other security flaws found in its browser last week.

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy