Third-party patches for IE released


Third-party patches for IE released

Cliff Saran

Two security companies have released workarounds for a serious flaw in Internet Explorer that is being exploited by hackers.

eEye Digital Security and Determina have both released workarounds for the vulnerability, which concerns the Active Scripting function.

The workarounds are designed to be used as a temporary measure until Microsoft releases its official patch, which is expected on 11 April.

eEye Digital Security said, "Organisations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released."

Determina also recommended users uninstall its fix once the official Microsoft version becomes available.

Web monitoring company Websense has warned users of a new attack based on the security hole. It said, "Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites."

The attack uses excerpts from BBC news stories and offers a "read more" link. Users who follow this link are taken to a website containing a spoofed copy of the BBC news story.

Websense said, "This website exploits the vulnerability and is currently being used to download and install a keylogger."

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy