Independent Patch Fixes Internet Explorer Flaw
Microsoft has deemed the recently exploited ‘createTextRange’ flaw in Internet Explorer as critical, but calls use of flaw ‘limited’. As a result the company has announced that they won’t be releasing a patch until the scheduled April 11 day for Windows updates.
The company who discovered the exploit, eEye Digital Security, thinks that the flaw is too important to be allowed to be left unpatched for two weeks, so they’ve taken matters into their own hands and released a fix. eEye’s patch, which is available free of charge, will automatically remove itself when Microsoft’s official patch is delivered. “That’s a long time to leave several million Windows users without any sort of protection,” said Marc Maiffret, eEye’s chief hacking officer (sounds like a joke job title, but we kid you not!).
The exploit is used by hackers who trick users into visiting websites containing malicious code. Microsoft said that the exploit is disabled by turning off Active Scripting.
Add comment March 28th, 2006