AfterDawn: News

Microsoft offers temporary fix for exploited IE bug

Microsoft has offered a temporary "Fix It" workaround for a bug in Internet Explorer 6, 7 and 8 that is being exploited on some websites.

The vulnerability involves the way the browser handles cascading style sheets (CSS), triggered by recursive CSS pages where the style sheets include their own address. The flaw was confirmed by Microsoft in December, and it has updated its advisory to include a workaround due to reports of attacks that target the vulnerability.



The workaround comes in the form of a "Fix It" solution from Microsoft. To be effective, the browser needs to have all the existing security updates installed. The fix basically forces Internet Explorer to avoid importing a CSS style sheet if it has the same URL as the CSS style sheet from which it is being loaded.

Using the Fix It solution will cause a slight performance hit, adding about 150 milliseconds to the browser's start-up time, so it should be removed after Microsoft releases a proper security update for the flaw.

Written by: James Delahunty @ 11 Jan 2011 23:21

• Previous article

• Google will remove support for H.264 from Chrome

• Next article

• ConnectU founders appeal $65 million settlement with Facebook

• 6 comments

• Zealousi

  Temp fix lol
  
  last i saw there was a target on windows and i am sure there was a big enough hole in the bull's eye to fly a blimp through.
  
  another security flaw is nothing new for windows, the day they fix their OS will be well never lol
  

  12.1.2011 02:28 #1

• KillerBug

  I have a permanent fix...it is called Firefox.
  

  12.1.2011 03:02 #2

• Zealousi

  Originally posted by KillerBug: I have a permanent fix...it is called Firefox. LOL
  
  Remember to remove IE from system too, it is a security risk to have that pre installed program on any computer.
  
  Microsoft is a lul
  

  12.1.2011 04:02 #3

• KillerBug

  Unfortunately, the guys over at FireFox are a bit too strict with security (too strict in the sense that you cannot turn off safeguards, even temporarily), so I still need IE for CMS...but I use FF for everything else.

  12.1.2011 23:45 #4

• xaznboitx

  Originally posted by KillerBug: Unfortunately, the guys over at FireFox are a bit too strict with security (too strict in the sense that you cannot turn off safeguards, even temporarily), so I still need IE for CMS...but I use FF for everything else. too bad the popup blocker doesn't even block anything like ie does
  

  13.1.2011 11:26 #5

• Mr-Movies

  Originally posted by KillerBug: Unfortunately, the guys over at FireFox are a bit too strict with security (too strict in the sense that you cannot turn off safeguards, even temporarily), so I still need IE for CMS...but I use FF for everything else. That is exactly right and is why FireFox is not a viable alternative for IE. I use FireFox but my main internet browser is AvantBrowser, better features and no blocked sites like in FF. OrcaBrowser is also a good alternative and is based on FireFox but is from the same provider as Avant, both are totally free!
  
  I've had plenty of problems with IE's new ways and this band-aid fix is a joke. Your better off just waiting until they have what might seem to be a real fix.
  

  13.1.2011 14:06 #6