eEye Digital Security, a cybersecurity company, has released a patch for Microsoft Internet Explorer to protect against attacks exploiting newly discovered security vulnerabilities in the browser.
Steve Manzuik, the security product director at eEye, stated that this “unofficial” patch blocks all access requests to the flawed components in Internet Explorer, thereby preventing malicious websites from leveraging these vulnerabilities.
While eEye’s patch can effectively protect computers from attacks, the company advises users to install this patch only as a last resort. “Organizations should only proceed with this patch if they are unable to disable Active Scripting in IE,” Manzuik said. This is also Microsoft’s recommendation for users.
“This patch is not a substitute for the upcoming patch from Microsoft. It is merely a temporary solution to mitigate the exploitation of these vulnerabilities.” Manzuik emphasized.
eEye decided to release this patch at the request of its customers. However, eEye is providing this patch to all users via the company’s website.
Meanwhile, Microsoft advises against installing eEye’s patch. “We have not tested this patch,” said Stephen Toulouse, a program manager at Microsoft’s Security Response Center. “We cannot recommend that users install this patch because it has not been tested… Customers should weigh the risks of installing anything like this on their systems.”
This security flaw relates to how Internet Explorer handles the “createTextRange()” functions on web pages. Since this vulnerability was discovered and publicly disclosed last weekend, over 200 exploiting websites have been identified on the Internet. Most of these sites primarily exploit the security flaw to install spyware or gain remote control of systems through Trojan malware.
eEye’s patch is compatible with systems running Windows with IE 5 or IE 6.
HVD
