RealTime IT News

Microsoft to Cover IE Exploit

A fix for a widely exploited flaw in Internet Explorer is among five security patches Microsoft told users to expect next week.

Following weeks of speculation whether the CreateTextRange vulnerability would force the software giant to break from tradition and release a special patch, Microsoft said Thursday the patch is among four others slated for April 11.

The company expects to release five security patches: four (including one deemed "critical") affect the Windows operating system and one addresses a "moderate" vulnerability in Microsoft Office.

"One of the updates will be a cumulative Internet Explorer update that addresses the publicly known 'CreateTextRange' vulnerability," Microsoft wrote in an advance notification.

The official patch follows a series of third-party fixes unveiled by security firms as a temporary solution.

While Microsoft doesn't reveal details of upcoming security updates, the company did say next week's release will include a "compatibility patch" providing developers a 60-day reprieve from changes made to how IE processes ActiveX controls.

The compatibility software would forestall a permanent change to IE brought after Microsoft lost a 2003 lawsuit to Eolas.

Microsoft planned to update IE requiring users to manually enable ActiveX controls encountered on Web pages. The patch gives developers until June to test their Web applications for compatibility with the proposed IE alteration.

Security vendors, upset over Microsoft's reluctance to break from its monthly security patch cycle, released several third-party patches to provide immediate cures for their customers.

The episode left onlookers questioning both the wisdom of applying unofficial fixes and Microsoft's slow response.