Microsoft testing Internet Explorer patch – don’t hold your breath
by Steve Ragan - Mar 15 2010, 10:00
Microsoft is working to patch an Internet Explorer vulnerability disclosed on the same day they released their monthly security fixes. However, while the patch is undergoing testing, don’t hold your breath expecting it anytime soon.
On Friday, the MSRC blog posted an update on the status of the vulnerability affecting Internet Explorer 6 and Internet Explorer 7. As with previous notifications on the issue, Microsoft reminds everyone that Internet Explorer 8 is not vulnerable, and urges everyone to update.
“We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing,” Jerry Bryant said in the MSRC post.
However, “This is a critical and time intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows,” he added. “Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications.”
With that said, while Microsoft will not rule out a fix for the Internet Explorer issues before next month’s security releases, they are making no plans to go out-of-band for a release. “When the update is ready for broad distribution, we will make that decision based on customer needs.”
Translation: you’ll get the patch when, and only when, they are ready to release it.
It isn’t uncommon for a fix to be held for quite some time before it is released. This has happened before with vulnerabilities in Internet Explorer, as well as Microsoft Word.
From late 2006 into early 2007, four vulnerabilities in Microsoft Word were disclosed within a month and a half of each other. Each one had attacks leveraging it online. The flaws were not fully patched until the following February release.
To address needs before a fix is official, Microsoft has released Fix IT tools to disable the peer factory class through registry key modifications. The Fix IT tool for Windows XP and Windows Server 2003 customers is here.
