Third-party patches for IE released


Third-party patches for IE released

Cliff Saran

Two security companies have released workarounds for a serious flaw in Internet Explorer that is being exploited by hackers.

eEye Digital Security and Determina have both released workarounds for the vulnerability, which concerns the Active Scripting function.

The workarounds are designed to be used as a temporary measure until Microsoft releases its official patch, which is expected on 11 April.

eEye Digital Security said, "Organisations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released."

Determina also recommended users uninstall its fix once the official Microsoft version becomes available.

Web monitoring company Websense has warned users of a new attack based on the security hole. It said, "Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites."

The attack uses excerpts from BBC news stories and offers a "read more" link. Users who follow this link are taken to a website containing a spoofed copy of the BBC news story.

Websense said, "This website exploits the vulnerability and is currently being used to download and install a keylogger."

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy