Users login

Create an account »


Users login

Home » Hacking News » Vendors develop IE fixes

Vendors develop IE fixes

by Ivana Strahija on March 28th, 2006 While third party patches are being deployed to remedy the growing concern of Internet Explorer createTextRange vulnerability, Microsoft is still silent. eEye Digital Security and Determina have both released temporary fixes, available free from their web sites.

The current zero-day IE vulnerability reminds of the WMF bug earlier this year, when Microsoft also neglected the necessity for a speedy patch. But, this time around, security experts warn users not to install the third-party solutions, except if absolutely necessary. They argue that the unofficial patches might bring compatibility issues, or make security holes themselves.

Security experts also state that this vulnerability is not such a high-profile one, and that the legitimate workaround (disabling active scripting) exists.
The third party fixes block access to the vulnerable component in the Microsoft Web browser, preventing malicious Web sites from taking advantage of the vulnerability (installing Trojans, spyware and remote control software or stealing sensitive data).

Microsoft calms the users of Internet Explorer by saying that the attacks have not been widespread yet. The company is also 'doing its best' to produce a patch, but did not promise to issue it before April 11. Instead, they are working with police to take down the malicious web sites.

As for Xatrix, we would recommend great caution when installing any new software, including any patches. For us, the solution is simple: switch to Firefox, Opera or any other browser. Internet Explorer seems to be way to buggy for those concerned about computer security.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »