Microsoft offers workaround for IE vulnerability

Microsoft Corp. has released software that can be used to mitigate a critical vulnerability in Internet Explorer that was first reported last week.

The bug, which concerns the way Internet Explorer (IE) handles ActiveX components, can cause the browser to crash and could be used by an attacker to run unauthorized software on the IE user’s machine, according to Microsoft.

On Tuesday, Microsoft released software that in the registry disables a file called Javaprxy.dll, which is used to run these components in IE. This file is used by the Microsoft Java Virtual Machine, according to Microsoft.

Microsoft has not yet decided whether it will release a software patch that would fix the underlying problem, a spokeswoman for Microsoft’s public relations agency said. “The workaround that they’ve offered here doesn’t fix the underlying vulnerability, but it removes the functionality,” she said.

Danish security company Secunia gave the vulnerability its most serious rating, calling it “extremely critical.”

The Austrian security researchers who discovered the flaw expect Microsoft eventually to issue a full-blown patch. “Right now it’s not that dangerous,” said Martin Eisner, chief technical officer with security consulting company SEC Consult Unternehmensberatung GmbH. “But of course within a couple of weeks there will be somebody who has a little bit more time than we have and there will be an exploit then,” he said in an interview last week.

The software vendor does not yet know of any software that has exploited the bug, the Microsoft spokeswoman said Tuesday.

Microsoft has issued a Security Advisory that provides more details on the bug and lists other possible workarounds to the problem. It can be found here.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now