Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Preps IE Flaw Fix; Sites Exploiting Bug Multiply

Microsoft Corp. on Monday said it was working on a fix for a flaw in Internet Explorer that security experts said was being used by a growing number of Web sites to install spyware on users' computers.

As of Monday, security firm Websense Inc. said the number of unique Web sites taking advantage of the vulnerability had remained at about 200 since Sunday, given that the number of sites taken down have been replaced with a roughly equal number of new sites. The overall number, however, were expected to grow over time.

An entry on the Microsoft Security Response Center blog said the company was seeing "only limited attacks." Nevertheless, Microsoft was working on a fix that would be ready at least by April 11, the next regularly scheduled patch day, if not sooner.

"The IE team has the update in process right now and if warranted we'll release that as soon as it's ready to protect customers," the posting said.

The vulnerability enables hackers to exploit active scripting in IE to install keystroke loggers and other malicious software. Active scripting is a Microsoft technology that allows different software components to interact over the Internet.

  • 1