ZDNet reports that an unpatched security bug in Internet Explorer is already being exploited to install malicious software. The quote Ken Dunham of VeriSign’s iDefense saying that fully patched versions of IE are vulnerable.
The ZDNet article also reports that Microsoft plans to fix the hole in its October 10th “Patch Tuesday,” its once-a-month release of patches for MS products.
Eric Sites of Sunbelt Software, makers of the CounterSpy anti-spyware/anti-adware program that I use and recommend, says in his blog entry that this is a flaw with the VML routine in IE and can be “mitigated by turning off Javascripting” (in IE).
How to turn off JavaScript/ActiveScript in IE
Of course, this isn’t a very useful solution as many web sites use JavaScript for navigation and other necessary functions.
Much easier, use Firefox as your web browser. Yes, you can have IE and Firefox both installed and even both open at the same time.
