Microsoft says it is working on a patch for the latest "highly critical" Internet Explorer hole, and that users can expect its release on April 11, if not sooner. The remote code execution hole relies on an error in the processing of a DHTML method call applied to radio button controls, and can be triggered when a user visits a malicious website. Unwanted code can then be executed on the user's system, which allows the installation of a Trojan horse capable of letting third parties take control of the machine. The exploit is reported to be growing at a rate of 10 new malicious URLs every hour, as websites are hijacked in order to lure users into becoming infected.
On Saturday, MSRC Program Manager Stephen Toulouse stated that the attacks were "limited in scope for now," but that Microsoft was working "day and night" on a cumulative security update to fix the vulnerability. That patch is on schedule and should be available by April 11, although Toulouse said Microsoft would release it sooner if necessary. In the meantime, users of Internet Explorer versions older than the latest IE7 beta are advised to enable the Windows Firewall, update their Anti-Virus software, and use an alternative browser such as Mozilla Firefox or Opera if possible.
|Leica M10 further refines rangefinders for the digital age||11|
|NZXT adds purple-and-white finishes to its hardware catalog||10|
|Asus shows off Zenbook 3 Deluxe UX490A in detail||38|
|Tom's Hardware hammers an Intel 600p SSD for science||28|
|Antec Cube Mini-ITX chassis gets EKWB-certified||1|
|iBuypower Snowblind is a fresh take on case side panels||15|
|Radeon 17.1.1 drivers bring support for Resident Evil 7||17|
|NexDock offers a home for Intel Compute Cards||12|
|Imagination Technologies freshens up mid-range PowerVR GPUs||5|