Microsoft promises two-step IE fix
Protection first, then an update
Microsoft has promised it will release a fix “in the next few days” to address the recently-identified flaw in Internet Explorer. At the time of writing, it is only possible to work around the bug, or stop using Internet Explorer, if one wishes to avoid the potential effects of attacks exploiting the vulnerability.
In a new TechNet post, Microsoft's Director of Trustworthy Computing Yunsun Wee writes that Redmond will issue a fix he describes as “an easy-to-use, one-click, full-strength solution any Internet Explorer user can install.”
But the fix Redmond issues won't be the end of the matter, as Wee goes on to say “it will provide full protection against this issue until an update is available.”
Which sounds an awful lot like an interim patch, rather than the final and definitive fix.
The sole piece of good news is Wee's statement that the wound in IE isn't being poked at by many attackers. He insists “we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people”. ®