Microsoft claims that the first stopgap is a "solution for peer factory in iepeers.dll," while the second fix enables Data Execution Prevention (DEP) for those versions of Internet Explorer that happen to support DEP.
Both measures can be downloaded to a USB flash drive and run on affected machines one at a time. That's helpful for home users or a small IT shop, but it's not particularly scalable to the enterprise environment, and there doesn't seem to be any mention of automated deployment methods.
Read the updated advisory to get the details regarding which IE/Windows versions are at risk and to download the "Fit It" code, and make sure you have a plan to roll back the changes if you notice anything not working properly after you run the fix.
No word yet on when Microsoft plans on formally releasing a patch, but with exploit code being posted online, the pressure is on to get something out quickly. We'll see if this means another out-of-band critical patch release.
No comments:
Post a Comment
Please tell me what you think.