Microsoft readies Internet Explorer fix

 

Gallery

Posted on 10 Jul 2009 at 11:36

Microsoft will release six security updates next Tuesday, including two addressing the ActiveX bug that hackers have been using to exploit Internet Explorer 6 and 7.

In an unusual step, Microsoft's advanced security bulletin names the specific bugs the patch Tuesday update will deal with, suggesting it's looking to settle a few nerves among the security community.

Traditionally, the company offers only general information concerning fixes in its advanced bulletins.

Earlier in the week, Microsoft confirmed that thousands of legitimate websites had been hacked to exploit the flaw in DirectShow, which Internet Explorer uses to process media.

Visitors to these legitimate sites, which mostly belong to schools in China, are swiftly redirected to a server at 8oy4t.8 866.org which promptly bombards them with a potent cocktail of malware.

The company has issued a workaround that sets a large number of "kill bits" disabling the flawed control. The fix will apply this workaround to Internet Explorer 6 and 7 through Windows Automatic Update, while the company beavers away on a patch.

The remaining four patches will address holes in Windows, Publisher, Internet Security and Acceleration Server (ISA) and Microsoft's Virtual PC and Virtual Server software.

The Windows updates will be tagged "critical," Microsoft's highest threat ranking, while the others will be marked "important."

Author: Stuart Turton