July 25, 2017

IE Flaw Fears Prompt Non-MS Patch Downloads

More than 70,000 users hit the eEye security website to pick up the third-party patch they created to fix the createTextRange() vulnerability in Internet Explorer.

Despite protestations from Microsoft, users turned out in droves to pick up the patch developed by eEye, SecurityFocus reported. The temporary patch provided by eEye has been made freely available. A similar patch from Determina, an intrusion protection vendor from Redwood City, CA.

The patches arrive ahead of Microsoft’s efforts to patch the highly critical flaw themselves. Speculation that the company would release a patch outside of its normal release cycle has not yet been borne out by Microsoft. Both third-party patches can be uninstalled after the official patch has been applied, eEye and Determina noted on their respective advisories.

Microsoft has been following these developments as it works on an official fix to the problem. They have suggested a workaround where users disable Active Scripting in the browser. Also, they do not recommend using the third-party patches due to the modifications they make to Windows, despite both companies including uninstall routines with their patches.

The operations manager for Microsoft’s Security Resource Center posted those concerns along with some information on Microsoft’s progress. Said Mike Reavey:

” First off we’re still not seeing increased spread of attacks, and in fact have been very active in taking down sites as they come up with law enforcement. But attacks are still occurring so we certainly still recommend up to date AV software and our safe browsing guidance while we work on the update, and have updated the security advisory with a list of VIA partners that are currently providing protection. As always we’ll keep an eye out and we continue our work with law enforcement to take down any new attacks we see.”

Tags: ,

Add to | DiggThis | Yahoo! My Web

Get all the updates in RSS:

About David Utter 902 Articles
David Utter is a business and technology writer for SecurityProNews and WebProNews.