IE exploit unofficial patches



While we wait for Microsoft to release a patch for the MOST recent Internet Explorer vulnerability….. it looks as though MS is “planning” to release a patch on their routine patch day of April 11th. (However they could always change their mind…) As before though there are some 3rd party patches. I’ve got to say I’m slightly uncomfortable with the prospect of a third party patch when there are workarounds (use another browser, disable active scripting….) However, for some those aren’t enough options. I know of two unofficial patches.


Three if you count firefox… ;-)

Anyway, eEye Digital Security is the maker of one, which will remove itself when Microsoft’s fix is installed. Determina also has a “standalone fix”.

With regards to third party patches. Be very cautious. I have not tested either of these. My feeling is they would pose no great risk given the sources. (I’d be more likely to trust the eEye patch from their reputation – nothing against Determina, I just don’t recall having heard of them.) I WOULD test these thoroughly on a sacrificable/sandboxed system before daring to push out use to any other systems. AND most importantly I’d question if it’s really worth the risk of trying a third party patch when there are other options. (I know disabling active scripting can have frustrating consequences.)

That much said, I also know it’s nice to have options.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft Update day for September.... AND Flash... AND Apple Yesterday, of course, Microsoft released it's monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive.) It wasn't quite a huge update day by recent standards, but here's the summary.... Incidents.org has a nice chart showing the two re-released patches (one is actually......
  • Microsoft security roundup OK - there have been a number of Excel problems floating around in the last week - week and a half. Securiteam blog has a FAQ on the Excel 0-day vulnerabilities with Excel and Excel Viewer Incidents.org kindly gives us a scoresheet documenting the three different vulnerabilities that have been......
  • Out of Cycle Windows Update - Patch Today Yesterday news broke of an out of cycle security patch for Windows. The bulletin is available from Microsoft. Apparently the vulnerability was in the Windows Server service (XP, 2003, 2000, 2008, Vista ALL affected though regardless of server/workstation/client/desktop/etc...). The RPC handling (remote procedure call) is the achilles heel this time......
Blog Traffic Exchange Related Websites
  • Bachelor Party Finances – 5 Ways to Keep Costs Low Yesterday, I got back from a ridiculous weekend at the New Jersey Shore (Avalon to be exact).  I was there for my friend’s bachelor party.  I have known this buddy since we were 8, so being one-third of the team that was setting it up, I was pumped to......
  • What is Patch Tuesday? Excellent explanation of Patch Tuesday by TMI Engineering Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches. Starting with Windows 98, Microsoft included a "Windows Update" system, that would check for patches to Windows and its components which Microsoft would release intermittently. With......
  • Prosper Starting To Use the Developer Mailing List I have been a member of the Prosper developer mailing listing since the list's inception... This is the 1st instance of using the list.  They made the relevant announcement.  Kudos! (it is about time) Here is the email... Prosper is experiencing two issues that may be affecting your applications and code.......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site