, SecurityFocus 2006-03-28
Story continued from Page 1
The threat has largely diminished since the weekend, according to the Internet Storm Center, the incident response arm of the SANS Institute.
"Right now, there is not that much of a threat," said Johannes Ullrich, chief research officer for the SANS Institute. "Most of the sites are down right now, and the payload is removed from the Web sites from which it was being downloaded."
Microsoft advised users to turn off Active Scripting, if they do not need the functionality. The problem is the latest issue caused by the support for ActiveX, a programming language supported by Internet Explorer to add interactive functions to Web sites. The problems have occasionally resulted in calls for users to switch to alternative browsers, such as Mozilla's Firefox, which does not support the Active Scripting function.
However, some users that may not be technical enough to understand how disable Active Scripting or require the functionality, said Determina and eEye in their advisories.
"The workaround does not fully address the problem," said Charles Renert, director of security research for Determina. "Workarounds turn off functionality... In one way, it's like saying you could always turn off your computer, and you wouldn't be affected, but that is not a good solution in terms of business continuity."
For users that need Active Scripting functionality, the third-party patches are the only option, the SANS Institute's Ullrich said.
"As long as Microsoft has not developed a patch to protect people, there third parties will produce patches," he said. "There are a couple cases where you have to use Internet Explorer with Active Scripting enabled, and in those cases, these (patches) are really the only option."
Microsoft has not announced when it plans to release a patch for Internet Explorer. The software giant patched the WMF flaw in eight days, it's fastest turnaround time to fix a flaw in Internet Explorer. The company's next scheduled patch date is Tuesday, April 11.
UPDATE: The article was updated at 6:00 am PST on Wednesday with comments made by Stephen Toulouse of Microsoft, which appeared on the MSRC blog, on the third-party patches. The article was also updated at 10:30 a.m. PST the day before with comments from both Johannes Ullrich of the SANS Institute and Charles Renert of Determina. The original article was posted at 8:00 a.m. PST on Tuesday.