Microsoft half fixes serious IE vuln
Download.Ject patches pending
Microsoft issued a workaround today to guard against a serious vulnerability in Internet Explorer which created a way for hackers to turn popular websites into conduits for viral transmission.
Configuration changes to the Windows XP, Windows Server 2003 and Windows 2000 operating systems introduced today do not fix the underlying problem with IE, but they do protect against the Download.Ject attack. The configuration changes are currently available on Microsoft’s Download Centre and will be made available later today through Windows Update. Microsoft is working on a series of patches to provide a more comprehensive fix. It didn’t say when they would be available.
Acting with law enforcement authorities, Microsoft was able to rapidly shut down the Russian website, but the affair still highlighted security concerns with IE. Security clearing house US-CERT took the extraordinary step of advising users to ditch IE in favour of alternative browsers.
Microsoft is "continuing to work with law enforcement and industry partners to identify the individuals or entities responsible for Download.Ject Internet attack, and bring those responsible for this criminal act to justice". ®