[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 29 March 2006, 10:37 GMT 11:37 UK
Bad web browser bug gets patched
Computer keyboard, Eyewire
Users face a tricky choice on whether they use the patches
Security firms have released patches for a critical loophole in Microsoft's browser that leaves users open to attack.

The release pre-empts Microsoft which is not due to release a fix for the bug until 11 April.

The security firms said the patches were needed because hundreds of websites had been created to exploit the loophole.

But Microsoft said it did not recommend that users apply the patches.

Patch problem

In late March, three security loopholes were found in Microsoft's Internet Explorer browser by security firms.

The most serious of the three, known as the CreateTextRange bug, allowed malicious hackers to take over a PC if it was used to visit specially crafted webpages.

Now two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole. Earlier, Microsoft said it would produce a patch in time for the next scheduled Windows security update that falls on 11 April.

Marc Maiffret, eEye's co-founder and chief hacking officer, said its patch was a stop-gap prior to the official version from Microsoft. He said eEye's patch would disable itself once the official version was released and installed.

Microsoft said it could not endorse the patches or recommend that users install them as they had not been through the software giant's testing and evaluation program.

Although Microsoft has played down the threat from people exploiting this loophole, others have found hundreds of websites built to take advantage of the bug in the IE web browser.

Websense said it had seen more than 200 unique web links that were trying to catch people out using the loophole.

On its security blog, Microsoft said it was working with law enforcement to shut down websites created to exploit the bug.

Microsoft warns on browser bugs
27 Mar 06 |  Technology
European phishing gangs targeted
20 Mar 06 |  Technology
Microsoft tackles security rivals
09 Feb 06 |  Technology
Denial-of-service hacking soars
09 Mar 06 |  Technology
How to stay off the suckers' list
07 Feb 06 |  Magazine

The BBC is not responsible for the content of external internet sites


Americas Africa Europe Middle East South Asia Asia Pacific