This time, the patch offered is not getting the sort of backing the last patch got from security professionals. I think because the workaround of disabling ActiveX recommended by Microsoft is really the best way to go about keeping oneself safe. Also, no one in their right mind wants to set a pattern of unofficial patching that might well distract users from the official patch when it arrives.
However one deals with it, exploit code for this vulnerability is out and installed on hundreds of (probably hijacked) web sites. This means doing nothing is unacceptable. Personally, I don't use Internet Explorer for anything but accessing Windows Update and/or Microsoft Update. Even so, ActiveX is disabled until I actually need to go to those sites, just in case someone finds a way to get to the vulnerable parts of IE without the browser actually being opened.
Jack
No comments:
Post a Comment
All comments are moderated.
Note: Only a member of this blog may post a comment.