March 28th, 2006
eEye Digital Security Fixes IE Vulnerability
By Jimmy Daniels
Contributing Writer, RealTechNews
Yesterday, I talked about the rise in the number of websites exploiting the latest Internet Explorer vulnerability, and the fact that Microsoft may not patch it until the next Patch Tuesday. Well, eEye Digital Security has issued work around for companies who are not able to disable active scripting.
This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw. Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation.
Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. Please note that at this time this workaround only supports Windows NT, Windows 2000, Windows XP, and Windows 2003 and is fully removable. Source: eEye Digital Security
We Say: The recommended work around is to disable active scripting, but if, for some reason you are not able to do this, this patch will help you. If you need to disable active scripting on a domain or if you are using active directory, you can use group policy and the Internet Explorer Administrator kit to disable it on the computers in your domain.
John Corliss says:
Better yet, simply don’t use IE for anything but viewing websites that you know are trustworthy, or even better, only for the MS Windows Update. Switching to Firefox for as much of your surfing as is possible is another good thing to do.
March 29th, 2006 at 3:50 am