Microsoft couldn't patch its IE flaw
Date: March 29, 2006Source: Washington Post
A couple of computer-security companies have separately released free patches to plug a critical security flaw in Microsoft's Internet Explorer browser that hacker groups have been exploiting to steal passwords from Windows users.
The third-party fixes from Aliso Viejo, Calif.-based eEye Digital Security and Determina of Redwood City, Calif., came after Microsoft said it did not plan to issue its own update until April 11, the next date in its regular monthly security-update cycle.
Meanwhile, security experts have identified at least 200 Web sites that are being used to install password-stealing malware on Windows PCs when users merely visit one of the sites with IE.
This scenario is shaping up in a familiar way. During the final days of 2005, hackers released code that could be used to break into Windows computers whose users visited certain Web sites or opened image files infected with the code. After thousands of Web sites began using the code to install spyware and other unwanted crud, independent security researcher Ilfak Guilfanov on Jan. 1 released a free patch to fix the problem.
Amid growing criticism for saying it would wait another nine days to issue its own update, Microsoft accelerated its patch process and pushed out a fix by Jan. 5.
Add comment Email to a Friend