Two security companies have released workarounds for a serious flaw in Internet Explorer that is being exploited...
eEye Digital Security and Determina have both released workarounds for the vulnerability, which concerns the Active Scripting function.
The workarounds are designed to be used as a temporary measure until Microsoft releases its official patch, which is expected on 11 April.
eEye Digital Security said, "Organisations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released."
Determina also recommended users uninstall its fix once the official Microsoft version becomes available.
Web monitoring company Websense has warned users of a new attack based on the security hole. It said, "Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites."
The attack uses excerpts from BBC news stories and offers a "read more" link. Users who follow this link are taken to a website containing a spoofed copy of the BBC news story.
Websense said, "This website exploits the vulnerability and is currently being used to download and install a keylogger."