Computer Help Community

Community

Cyber Tech Help Community

New Tutorials

More Tutorials
PC Tutorials

New Downloads

More Downloads
PC Downloads

Member Testimonials

Open Member Quote   In the short time I've been here I have been able to recieve and (hopefully) give good info. I am glad to see a forum which embraces windows98, windows95 and DOS along with the newer O/Ss. Thanks to the moderators for all there help. I will be hanging around this site from now on - Merrick  Close Member Quote
Member Testimonials
MY CYBER TECH HELP

LATEST TOPICS

Tech Help Community

Free Antivirus Scan

Free Virus Scan and a listing of the top 10 viruses in the wild - Free Antivirus Scan
Free Online Antivirus Scan

File Extension Database

Find what program a filetype belongs to in our searchable File Extension Database.
File Extension Database

Related Microsoft Links

Technet

Expert Zone Community
Services
Cyber Tech Help Community

To the top of the page to top

 



Computing News | Third Party Offers Patch for IE Hole

Latest News Latest News | News ArchiveNews Archive | Cyber Tech Help News RSS Feed!

Posted by: Tweaker
Date added: 00:16 Wednesday, 29th March 2006 GMT
Source: Beta News

While Microsoft debates whether to release a critical update for Internet Explorer before the next Patch Tuesday on April 11, security firm eEye Digital Security has released its own patch. The flaw, discovered last week, puts IE users at risk of code execution simply by visiting a malicious Web site.

A problem exists in how IE interprets the "createTextRange()" method used for radio button controls in HTML forms. From there, the flaw can be exploited to allow program flow to be redirected to the heap. When this occurs, the attacker can then exploit the vulnerability to execute code on an affected computer.

The vulnerability has been given a high severity rating by a number of security firms including eEye, which recommends that users disable Active Scripting from within Internet Explorer. However, the company is also offering a temporary patch for those organizations that require the feature. The downloadable fix from eEye blocks access to the component within IE that is vulnerable, preventing malicious sites from exploiting the problem to install a backdoor or other malware.

"This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw," eEye says in its advisory. "Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released."

"We cannot recommend third party solutions that modify the way the product itself operates," said Mike Reavey from Microsoft's Security Response Center. "The reason is really around the fact that we carefully review and test our security updates to ensure that they are of high quality and have been evaluated thoroughly for application compatibility."

"Customers of course can weigh the risk of deploying a third party 'patch' but it's unclear what impact this will have on the system," Reavey added.

More information and patch download here.

Tools:  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

 

Post a commentPost a comment

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!  Register to become a member!  Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

 

[ To the top of the page To top | Latest News Latest News | News Archive News Archive | Cyber Tech Help News RSS Feed! ]