RealTime IT News

Microsoft Plans Patch For IE Hole

Microsoft is responding to what one security firm terms a "highly critical" flaw in Internet Explorer.

The software giant said it is planning to release a pre-patch advisory with instructions on avoiding the security problem.

Attackers could exploit a flaw in the "createTextRange()" method used by IE to control radio buttons, according to Copenhagen, Denmark-based Secunia Research, which first reported the flaw.

The security hole would enable malicious hackers to execute code when IE users visit a specially crafted Web site, according to an alert published by Secunia.

The flaw was confirmed on a fully patched version of IE 6.0 and Microsoft XP SP2, as well as IE 7 Beta 2 Preview released in January, according to the security company.

Microsoft's Security Response Center (MSRC) blog said the company is aware of the flaw and is investigating and plans to issue an advisory.

It reassured users of the IE 7 Beta 2 Preview who received the software at the Microsoft Mix06 conference held in Las Vegas earlier this week that they are not affected.

The Beta 2 release is an interim version coming between an earlier January Beta 2 and the final beta Microsoft plans to offer this summer.

Turning off Active Scripting will also prevent an attack, according to the blog entry. Outlook and Outlook Express e-mail users are not affected, according to Lennart Wistrand, the MSRC's program manager.