Microsoft to patch IE flaw by April 11
Microsoft says it is working on a patch for the latest "highly critical" Internet Explorer hole, and that users can expect its release on April 11, if not sooner. The remote code execution hole relies on an error in the processing of a DHTML method call applied to radio button controls, and can be triggered when a user visits a malicious website. Unwanted code can then be executed on the user's system, which allows the installation of a Trojan horse capable of letting third parties take control of the machine. The exploit is reported to be growing at a rate of 10 new malicious URLs every hour, as websites are hijacked in order to lure users into becoming infected.
On Saturday, MSRC Program Manager Stephen Toulouse stated that the attacks were "limited in scope for now," but that Microsoft was working "day and night" on a cumulative security update to fix the vulnerability. That patch is on schedule and should be available by April 11, although Toulouse said Microsoft would release it sooner if necessary. In the meantime, users of Internet Explorer versions older than the latest IE7 beta are advised to enable the Windows Firewall, update their Anti-Virus software, and use an alternative browser such as Mozilla Firefox or Opera if possible.