Bad web browser bug gets patched

Bad web browser bug gets patched

Users face a tricky choice on whether they use the patches
Security firms have released patches for a critical loophole in Microsoft’s browser that leaves users open to attack.
The release pre-empts Microsoft which is not due to release a fix for the bug until 16 April.

The security firms said the patches were needed because hundreds of websites had been created to exploit the loophole.

But Microsoft said it did not recommend that users apply the patches.

Patch problem

In late March, three security loopholes were found in Microsoft’s Internet Explorer browser by security firms.

The most serious of the three, known as the CreateTextRange bug, allowed malicious hackers to take over a PCs if it was used to visit specially crafted webpages.

Now two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole. Earlier, Microsoft said it would produce a patch in time for the next scheduled Windows security update that falls on 11 April.

Marc Maiffret, eEye’s co-founder and chief hacking officer, said its patch was a stop-gap prior to the official version from Microsoft. He said eEye’s patch would disable itself once the official version was released and installed.

Microsoft said it could not endorse the patches or recommend that users install them as they had not been through the software giant’s testing and evaluation program.

Although Microsoft has played down the threat from people exploiting this loophole, others have found hundreds of websites built to take advantage of the bug in the IE web browser.

Websense said it had seen more than 200 unique web links that were trying to catch people out using the loophole.

On its security blog, Microsoft said it was working with law enforcement to shut down websites created to exploit the bug.

http://news.bbc.co.uk/1/hi/technology/4856492.stm

Microsoft said it could not endorse the patches or recommend that users install them as they had not been through the software giant’s testing and evaluation program.

ROFLMAO :rolleyes:

:lol: :haha:

Anyone still using IE gets what they deserve.

Unless they are forced to…
My bank (no name) comments that Opera is a security risk and recommends IE or another “compatible” browser…

And before you suggest it, I’m not installing Firefox, I much prefer to use IE over Firefox that’s how badly Mozilla’s annoyed me.

Well that goes to show you what most Windows IT department act like. Opera more of asecurity risk than IE! That is a real laugh!:haha: :bs: :doh:

TBH…im still using IE…I have tried firefox and i was nonplussed. IE does what i need it to, the fact is that more sites work with IE than fox (cos of the monopoly). furthermore i have never picked up any crap thru IE, mainly cos i know what to look for and what to avoid.