Microsoft couldn't patch its IE flawDate: March 29, 2006
Source: Washington Post
The third-party fixes from Aliso Viejo, Calif.-based eEye Digital Security and Determina of Redwood City, Calif., came after Microsoft said it did not plan to issue its own update until April 11, the next date in its regular monthly security-update cycle.
Meanwhile, security experts have identified at least 200 Web sites that are being used to install password-stealing malware on Windows PCs when users merely visit one of the sites with IE.
This scenario is shaping up in a familiar way. During the final days of 2005, hackers released code that could be used to break into Windows computers whose users visited certain Web sites or opened image files infected with the code. After thousands of Web sites began using the code to install spyware and other unwanted crud, independent security researcher Ilfak Guilfanov on Jan. 1 released a free patch to fix the problem.
Amid growing criticism for saying it would wait another nine days to issue its own update, Microsoft accelerated its patch process and pushed out a fix by Jan. 5.
Add comment Email to a Friend