Workaround promises to protect browser in anticipation of official fix
vnunet.com, 28 Mar 2006
Security vendor eEye Digital Security has created a temporary patch that protects end users and enterprises from an unpatched vulnerability in Internet Explorer.
The vulnerability is caused by an error in the way that the browser processes a 'createTextRange' call on a radio button. The bug could allow attackers to take control of a system by luring victims to a specially crafted website.
Attackers are actively exploiting the flaw and Microsoft has hinted that it might release an out of cycle patch.
The Redmond giant had advised users to disable Active Scripting in their browser settings (instructions can be found at Microsoft's support website).
Microsoft has not certified the eEye patch. The security firm recommended that users try disabling Active Scripting first and use its workaround only if this does not work.
"EEye's patch is not meant to replace the forthcoming Microsoft patch, but to provide immediate protection in lieu of an available fix," said Marc Maiffret, co-founder and chief hacking officer at the security company.
"In fact, eEye has engineered the patch to automatically remove itself when Microsoft's official patch comes through."
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Intel explains how its Xeon processors can handle data-intensive apps
Thomas speaks out on government databases and data privacy
Do you agree?
Have your say on this article