Tuesday, March 28, 2006

Vendors Patch Microsoft IE Bug

Security vendors are racing to patch a newly uncovered Microsoft security flaw, with Aliso Viejo-based eEye Security issuing a patch for the flaw. The security flaw, which was uncovered this week and has started to see exploits available on the web, is not scheduled to be patched by Microsoft until its April 11th security release. The security flaw enables attackers to install spyware and remote control software onto users' machines if they visit a malicious web site. According to Microsoft, the recommended method of protecting systems against the attack is for users to disable Active Scripting in Internet Explorer for Internet and Local intranet security zones. San Diego-based web security vendor WebSense reported today that it has already discovered hundreds of websites designed to take advantage of the bug, and that its own software also protects against the flaw.