The unofficial fix blocks access to the vulnerable component in the Microsoft Web browser, preventing malicious Web sites from taking advantage of the vulnerability, said Steve Manzuik, security product manager at eEye in Aliso Viejo, Calif. Microsoft does not have a fix for the flaw available yet.
Though eEye's patch does protect PCs against attacks that take advantage of the flaw, the company recommends installing the fix only as a last resort. "Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation," Manzuik said. Disabling Active Scripting is Microsoft's suggested work-around.
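The work-around Microsoft pointed to is a browser setting, not a patch: Internet Explorer stores each security zone's Active Scripting setting in the registry under the zone's key, where value 1400 is Active Scripting and a data value of 0 means Enable, 1 means Prompt and 3 means Disable. The following PowerShell is an added example, written for this page and not taken from the article, eEye or Microsoft; it sets Active Scripting to Disable for the Internet zone (zone 3) and the Local intranet zone (zone 1) for the current user, and reports the before and after values so the change can be verified. Which zones to cover is an assumption; adjust the `$zones` table to the zones your policy needs.

```powershell
# Added example: disable Active Scripting in selected IE security zones via the registry.
# Zone ids: 0 = My Computer, 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
# Value 1400 = Active Scripting; data 0 = Enable, 1 = Prompt, 3 = Disable.
$zones = @{ 3 = 'Internet'; 1 = 'Local intranet' }   # assumption: these two zones are the ones to harden

foreach ($id in $zones.Keys) {
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$id"
    $before = (Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue).'1400'
    Set-ItemProperty -Path $key -Name '1400' -Value 3 -Type DWord
    $after = (Get-ItemProperty -Path $key -Name '1400').'1400'
    '{0,-15} (zone {1}): Active Scripting {2} -> {3}' -f $zones[$id], $id, $before, $after
}

# Check: if Security_HKLM_only is set to 1, IE ignores per-user zone settings and the
# HKLM key must be changed instead (requires an elevated shell).
$hklm = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$hklmOnly = (Get-ItemProperty -Path $hklm -Name 'Security_HKLM_only' -ErrorAction SilentlyContinue).'Security_HKLM_only'
if ($hklmOnly -eq 1) {
    Write-Warning 'Security_HKLM_only is set; edit the zone keys under HKLM, not HKCU, for this change to take effect.'
}
```

Setting the data to 1 (Prompt) rather than 3 keeps scripted sites usable at the cost of a dialog per page; either value blocks the silent drive-by pattern the article describes, because the exploit needs script to run. Open a fresh browser window after the change, since running IE instances read zone settings when they start.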
"This patch is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw," Manzuik said.
eEye, which makes an intrusion-prevention product called Blink, crafted the fix at the request of its customers, Manzuik said. "Customers who don't have Blink deployed yet were looking for a temporary solution," he said. However, eEye has made the fix available for anyone, on its Web site.
Microsoft doesn't recommend installing eEye's fix. "We have not tested this mitigation tool," said Stephen Toulouse, a program manager in Microsoft's Security Response Center. "We can't recommend it because we have not tested it...Customers should weigh the risk of applying something like this to their systems."
The vulnerability has to do with how Internet Explorer handles the "createTextRange()" method, a scripting call that a Web page can invoke on elements it contains. Since the flaw was disclosed publicly last week, more than 200 Web sites have been found to exploit it. These sites typically install spyware, remote control software and Trojan horses on vulnerable PCs, according to security company Websense.
Microsoft has also seen the attacks, but Toulouse said "the spread rate appears to be relatively limited." That means there aren't many new attacks being launched. Microsoft is working with law enforcement to take down Web sites that are hosting the attacks, which are often hacked sites, he said.