Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Thousands download third-party patches
Published: 2006-03-29

More than 70,000 users have downloaded one of the two third-party workarounds for a critical flaw in Internet Explorer, a representative of the company that made the fix said on Wednesday.

The interest follows a weekend in which hundreds of Web sites were seeded with malicious pages designed to exploit a flaw in the way Microsoft's Internet Explorer processes certain HTML objects using the CreateTextRange function.

By Wednesday afternoon, a patch offered by software security firm eEye Digital Security had been downloaded more than 70,000 times, the company said. Representatives of security firm Determina were not able to estimate the number of downloads for its patch by the end of Wednesday.

The broad interest in downloading the third-party patches comes despite warnings from Microsoft that installing the workarounds are not a good idea.

"We cannot recommend third party solutions that modify the way the product itself operates," Stephen Toulouse, security program manager for Microsoft said in a posting to the Microsoft Security Response Center (MSRC) blog. "The reason is really around the fact that we carefully review and test our security updates to ensure that they are of high quality and have been evaluated thoroughly for application compatibility. And for IE it’s not only application compatibility, but web compatibility also."

A patch released in January by Russian software programmer Ilfak Guilfanov protected computers against a critical flaw in the Windows Meta File (WMF) format. Although Microsoft frowned upon that fix as well, tens of thousands of people downloaded the software update.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
Thousands download third-party patches 2006-03-31
Juha-Matti Laurio


Privacy Statement
Copyright 2009, SecurityFocus