Select Page

eEye has released a patch for the active IE zero day exploit:

Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw. Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation [my emphasis].

Link here.

Yup, I agree. Don’t bother using this patch — turning off Active Scripting in IE is a valid mitigator. Microsoft will have this patched on (or possibly before) April 11.

Alex Eckelberry
(Hat tip to Andreas)