Stephen Withers
Thursday, 21 January 2010 01:41
These include Outlook (but not Outlook 2007), Outlook Express and Windows Live Mail. There are no known attacks, but these programs are potentially vulnerable where users have changed the default setting, which opens HTML messages in the Restricted sites zone. That zone blocks the use of Active Scripting and ActiveX.
The various Office applications are also potentially vulnerable if ActiveX controls are not disabled.
Third-party programs using mshtml.dll for rendering HTML may also be vulnerable.
Microsoft claims that the soon-to-be-released "comprehensive, well-tested security update" will address the underlying issue in all of these cases.
"We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released," said Jerry Bryant of Microsoft's Security Response Center.
Support for that position can be found from the security side of the industry. "As with any security patch, our advice is to apply it as soon as you can," said Richard Wang of SophosLabs US.
There have been reports of the release of unofficial fixes for the issue. McAfee Labs' Craig Schmugar said his company advised "those tempted to install an unofficial patch to think twice before doing so as malware and adware often arrive under the guise of such a 'fix'."