|
Five Microsoft patches next week |
|
Monday, 10 April 2006 |
|
Microsoft confirmed Thursday that the createTextRange security flaw in Internet Explorer will be among those addressed in its monthly patch rollout April 11. In all, the company said on its TechNet site, customers can expect five updates for Microsoft Windows and Microsoft Office -- at least one of them critical.
Still, for all the attention the createTextRange flaw has received in recent weeks, network administrator Susan Bradley has found little reason to fear it.
More than 200 malicious Web sites have attempted to exploit the flaw, which Microsoft has yet to patch. The heightened anxiety prompted Aliso Viejo, Calif.-based eEye Digital Security Inc. and Redwood City, Calif.-based vulnerability protection firm Determina Inc. to release their own fixes. But to date, no Internet-crippling attacks have materialized, said Bradley, who works for Fresno, Calif.-based Tamiyasu, Smith, Horn and Braun Accountancy Corp.
"With this flaw, I don't feel the same sense of paranoia as I did with the WMF flaw," she said, referring to the Windows vulnerability that was attacked on a massive scale at the start of the year, prompting Microsoft to release an out-of-cycle patch.
"This time, Microsoft has been very clear in saying the flaw is there and that they're working on a patch to release on a specific date," she said, "and they've offered workarounds."
|
Advertises 