eEye Patches Microsoft IE Security Vulnerability, Temporarily

Microsoft Says It Will Fix Problem by April 11

Mar. 29, 2006 10:00 AM

Internet Explorer Web pages processes using the createTextRange() method is at present being exploited by attackers on thousands of malicious Web sites. Web surfers are enticed into visiting these Web sites could have unauthorized installed software on their computers.

Microsoft has termed these attacks as limited in scope, yet the problem is being taken seriously by the company because of the exploits could eventually seize the control of a user computer.

"We're working day and night on development of a cumulative security update for Internet Explorer that addresses the vulnerability," wrote Stephen Toulouse, head of Microsoft's Security Response Center, in a Saturday blog posting.

Marc Maiffret, speaking for eEye, reportedly was critical of Microsoft taking so long to release its patch, so the company decided to release a temp patch of its own. Microsoft has suggested disabling Active Scripting, a solution that it has recommended before for similar problems, and one that presumably a large percentage of users won't be able to do.

eEye's said that its patch will remove itself automatically if users download the patch from Microsoft when it comes.

Published Mar. 29, 2006— Reads 6,519 — Feedback 1
Copyright © 2008 SYS-CON Media. All Rights Reserved.

MICROSOFT .NET LATEST STORIES

OpenSpan and TIBCO Team on Desktop Integration for SOA and BPM

By SOA World Magazine News Desk

OpenSpan and TIBCO have announced a technology and business partnership designed to extend TIBCO solutions to desktop environments. The partnership will enable TIBCO Service-Oriented Architecture, Business Process Management and Business Optimization solutions to more rapidly integrate...

Microsoft To Kill Windows Live OneCare for Morro

By Maureen O'Gara

In a move that looks tailor-made for an antitrust suit, Microsoft says it’s going to give away a consumer security kit that it’s building code named Morro. It should be available in the second half of next year – probably more like mid-year. The freebie widgetry is supposed to de...

Tidal Software Announces Intersperse 8.0

By .NETDJ News Desk

Tidal Software has announced Intersperse 8.0, a product that monitors J2EE and .NET applications and their transaction component performance to produce meaningful metrics for managing applications and high-level business processes. The product leverages a combination of lightweight Ja...

DataGuise Introduces Data Masking for Multi-Database Environment

By .NETDJ News Desk

DataGuise has announced their first masking in place solution for multi-database environments such as Oracle, Microsoft SQL Server, and others. The dgSolution Suite provides secure masking of database content and is designed for the highest level of flexibility and functionality across...

SYS-CON Webcast - The Blackberry Technical Webcast Series

By BlackBerry News Desk

The BlackBerryR Technical Webcast Series is designed to help BlackBerry administrators better manage and leverage the capabilities of their BlackBerry solution. Each webcast is packed with detailed technical information, covering topics that are relevant to you. Our on-demand webcasts ...