SecurityProNews Directory: A Directory For All Things Security

IE Exploits Hit The Web

The createTextRange() method exploit could permit the arbitrary execution of code through Internet Explorer, and malicious sites that take advantage of the as-yet-unpatched flaw have been sighted online.

By disabling Active Scripting in IE as recommended by Microsoft, users should be able to avoid the impact of a highly critical flaw in the browser. Both Secunia and Sophos have reported exploit code being in the wild.

Should a Windows user running IE with Active Scripting enabled and administrative rights on the PC encounter this malicious code online, the system could be exploited and remote code executed by an unknown user.

Microsoft has confirmed the existence of the flaw and has a patch in development. It is not known whether Microsoft will release the patch early, or wait until its next scheduled patch release date of April 11th.

Sooner may be better than later, as a representative with Sophos noted on their website today:

Microsoft is warning users to exercise caution when opening email messages, and web links in email messages, from untrusted sources.

“With no patches yet available to plug this hole, both home users and businesses need to exercise caution here,” said Carole Theriault, senior security consultant at Sophos. “Users without any additional security measures, such as firewall and anti-virus software, and users who surf the web and open emails and without care, are at much higher risk that those who practice safe computing.”


Taga: ,

Add to | DiggThis | Yahoo! My Web

Get all the updates in RSS:

David Utter
About David Utter
David Utter is a business and technology writer for SecurityProNews and WebProNews.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>