Microsoft Corp. has released software that can be used to mitigate a critical vulnerability in Internet Explorer that was first reported last week.

The bug, which concerns the way Internet Explorer (IE) handles ActiveX components, can cause the browser to crash and could be used by an attacker to run unauthorized software on the IE user’s machine, according to Microsoft.

On Tuesday, Microsoft released software that in the registry disables a file called Javaprxy.dll, which is used to run these components in IE. This file is used by the Microsoft Java Virtual Machine, according to Microsoft.

Microsoft has not yet decided whether it will release a software patch that would fix the underlying problem, a spokeswoman for Microsoft’s public relations agency said. “The workaround that they’ve offered here doesn’t fix the underlying vulnerability, but it removes the functionality,” she said.

Danish security company Secunia gave the vulnerability its most serious rating, calling it “extremely critical.”

The Austrian security researchers who discovered the flaw expect Microsoft eventually to issue a full-blown patch. “Right now it’s not that dangerous,” said Martin Eisner, chief technical officer with security consulting company SEC Consult Unternehmensberatung GmbH. “But of course within a couple of weeks there will be somebody who has a little bit more time than we have and there will be an exploit then,” he said in an interview last week.

The software vendor does not yet know of any software that has exploited the bug, the Microsoft spokeswoman said Tuesday.

Microsoft has issued a Security Advisory that provides more details on the bug and lists other possible workarounds to the problem. It can be found here.



Related Download
Security Training Resource Kit Sponsor: ITWC
Security Training Resource Kit
Want to reduce your security incidents? Experts say that training can reduce security incidents by anywhere from 45% to 70%. But how do you train your employees effectively? Yes, you can send memos and do courses, but who reads this stuff? That's why we took a different approach.
Download Now