Microsoft says it is working on a patch for the latest "highly critical"
Internet Explorer hole, and that users can expect
its release on April 11, if not sooner. The
remote code execution hole relies on an error in the processing of a DHTML
method call applied to radio button controls, and can be triggered when a user
visits a malicious website.
eWEEK has seen a list of more than 20 unique domains and 100 unique URLs
hosting the exploits, which are dropping a variant of
SDbot, a virulent family of backdoors that give hackers complete ownership
of infected computers. SDbot allows attackers to control victims' computers
remotely by sending specific commands via IRC (Inter Relay Chat) channels. It
has been used to seed botnets and plant keystroke loggers for use in identity
theft attacks.
In the absence of a patch, Microsoft recommends that IE users configure the
browser to prompt before running Active Scripting or disable Active Scripting in
the Internet and Local intranet security zone. In addition, IE users can set
Internet and Local intranet security zone settings to "High" to prompt before
Active Scripting in these zones.
eEye's security company's chief hacking officer Marc Maiffret said that two
weeks is too long to leave customers without any protection. So they released
what it calls
a "temporary" patch to address the problem.
EEye's patch, which is free, will automatically remove itself when
Microsoft's official patch is delivered.
