Security Firm Releases Patch For Zero-Day IE Flaw - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Security Firm Releases Patch For Zero-Day IE Flaw

eEye's patch is meant as a placeholder until Microsoft releases a permanent fix, which is expected by April 11.

EEye Digital Security has released a temporary patch for a zero-day vulnerability in Internet Explorer that is being used by malicious Web sites to install spyware on users' computers, officials said Tuesday.

The eEye patch is meant as a placeholder until Microsoft Corp. releases a permanent fix, which is expected by April 11, Marc Maiffret, co-founder and chief hacking officer of eEye, based in Aliso Viejo, Calif., said. At that time, users of the eEye patch are advised to use the add/remove program in Windows to delete the fix before installing the Microsoft patch.

Meanwhile, Websense Inc. said Tuesday that the number of Web sites exploiting the vulnerability has declined from the 200 reported Monday. However, Dan Hubbard, senior director of security at the San Diego-based company, said he has seen an increase in the number of different exploits, indicating that more people or groups are writing code to take advantage of the flaw. As a result, the number of malicious Web sites was expected to increase.

The vulnerability, called the CreateTextRange bug, enables hackers to exploit active scripting in IE to install keystroke loggers and other malicious software. Active scripting is a Microsoft technology that allows different software components to interact over the Internet.

The eEye patch analyzes a computer for the vulnerability, which is in IE 5.01, 6.0, and the January version of IE 7 Beta 2 Preview. The application makes a backup of the flawed code, patches the vulnerability in the original and deploys it.

EEye released the patch at the request of customers, the majority of whom use the company's vulnerability assessment product, Maiffret said. EEye also makes software for detecting and blocking malicious Web sites.

"We decided it would be crazy not to provide a work around, since we already have a product that protects against the flaw," Maiffret said. "The patch is a slimmed down version."

The IE vulnerability allows for remote code to be executed on the computer visiting a malicious Web site. Experts believe people are most likely being lured to the sites through spam.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
News
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Commentary
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Mary E. Shacklett,  4/13/2021
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll