The flaw is caused by how Internet Explorer handles createTextRange tags, and could let malicious software run and install itself. Microsoft has not yet offered a patch, though it should be on the April 11 updates. Numerous websites have been identified that exploit the vulnerability. In a recent article from CNet it is reported that e-mail spams containing excerpts of BBC stories are being sent out, and readers are redirected to forged BBC webpages. Once the infected site is visited, a keylogger is pushed into the system, and user information like usernames and passwords are captured and collected.
Until the patch is released, users of Internet Explorer could do the following:
Disable active scripting:
- On the IE browser, click on Tools and select Internet Options .
- Click on the Security tab, click on Internet and then select Custom Level
- On the Security settings look for Scripting. Set Active Scripting to either Disable or Prompt. Click OK.
- Now back to the Internet Options, Click Local intranet, and then Custom Level. Repeat step no. 3.
Download and Use another browser :
Use Firefox or Opera as your browser.Update:
Microsoft has released a cumulative patch for IE, which is found in the Microsoft Security Bulletin. Together with the April 11 IE updates are patches for MDAC, Outlook Express and Frontpage.
No comments:
Post a Comment