Two Unofficial IE Patches Block Attacks
Pentrex writes "eWeek reports that two well-respected Internet security companies (eEye and Determina) have released unofficial patches to correct the vulnerability being exploited to load spyware, bots and Trojan downloaders on Windows machines. Microsoft isn't sanctioning the third-party patches, which include source code for review. As always, the advice is to weigh the risks before opting for an unofficial hotfix."
Given the fact that the average IE user would not even be aware of the flaw, how would he even know such third party patches even exist?
Most of them are going to be patched only when MS releases the patch, AND they have selected to be updated automatically.
It's a horrible situation.
I suppose that is better than MS assurances that they extensively tested the fix before release.
This is quite far from the truth. Reading source code will not find the integration problems that can come up when you release a patch on millions of machines with different configurations.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Does anyone remember the previous third-party patch to IE? This is from December of '03.